Abstract. Expansion is an operation on typings (i.e., pairs of typing
environments and result types) defined originally in type systems for the
$\lambda$-calculus with intersection types in order to obtain principal (i.e.,
most informative, strongest) typings. In a type inference scenario, expansion
allows postponing choices for whether and how to use non-syntax-driven
typing rules (e.g., intersection introduction) until enough information has
been gathered to make the right decision. Furthermore, these choices can
be equivalent to inserting uses of such typing rules at deeply nested
positions in a typing derivation, without needing to actually inspect or
modify (or even have) the typing derivation. Expansion has in recent years
become simpler due to the use of expansion variables (e.g., in System E).
This paper extends expansion and expansion variables to systems with
$\forall$-quantifiers. We present System $F_s$, an extension of System F with
expansion, and prove its main properties. This system turns type inference
into a constraint solving problem; this could be helpful to design a
modular type inference algorithm for System F types in the future.

1 Introduction 

1.1 Background and Motivation 

Polymorphism and principal typings. Many practical uses of type systems
require polymorphism, i.e., the possibility to reuse a generic piece of code with
different types. Type systems most commonly provide polymorphism through
$\forall$-quantifiers, like in the Hindley-Milner (HM) type system [15] and in
System F [18,7], but can also use other methods like intersection types [3].
Systems with $\forall$-quantifiers assign general type schemes that can be
instantiated to more specific types; for example, the identity function can be
typed with $\forall a.(a \to a)$, and then used with types
$\mathrm{int} \to \mathrm{int}$ or $\mathrm{real} \to \mathrm{real}$ when applied
respectively to an integer or a real. Systems with intersection types list the
different usage types of a term; if the identity function is applied exactly
twice in a code fragment, once to an integer and once to a real, then its type
will be $(\mathrm{int} \to \mathrm{int}) \cap (\mathrm{real} \to \mathrm{real})$.

Type systems with $\forall$-quantifiers are very popular, but they often lack
principal typings [25], i.e., strongest, most informative typings (a typing is
usually a pair of a type environment and a result type). Wells [25] proved that
HM and System F do not have principal typings. It is important not to confuse
this notion with the (weaker) one of "principal types" defined for the HM type
system in which typable terms admit a strongest result type for each fixed type
environment. Principal typings are crucial for compositional type inference,
where types for terms are found using only the analysis results of the immediate
subcomponents, which can be inspected independently and in any order.
Compositional type inference helps in performing separate analysis of program
modules, and therefore helps with separate compilation. Note that the
Damas-Milner algorithm [4] for HM is not fully compositional: to give a type for
a let-binding $\mathsf{let}\ x = e_1\ \mathsf{in}\ e_2$, the algorithm must infer
first a type for $e_1$, and then use the result to type $e_2$.

Expansion and expansion variables. In contrast, type systems with intersection
types usually have principal typings [3]. In such systems, admissible typings are
obtained from a principal one using expansion (in addition to substitution and
weakening). We present this mechanism through an example, taken from [2].
Consider the following $\lambda$-terms:

$$M_1 = \lambda x.x\,(\lambda y.y\,z) \qquad M_2 = \lambda g.\lambda x.g\,(g\,x)$$

One can compute the following principal typings for these terms in the type
system of Coppo, Dezani, and Veneri [3].

$$M_1 : \langle z : a \vdash \underbrace{(((a \to b) \to b) \to c)}_{T_1} \to c\rangle$$

$$M_2 : \langle \emptyset \vdash \underbrace{((e \to f) \cap (d \to e)) \to (d \to f)}_{T_2}\rangle$$

Following [2], we write $M : \langle A \vdash T\rangle$ for the assignment of type
$T$ under type environment $A$ (often written $A \vdash M : T$ in the literature).
To type the application $M_1\,M_2$, we must somehow "unify" $T_1$ and $T_2$. We
cannot do this by simple type substitutions, replacing type variables by types;
we have a clash between type $(a \to b) \to b$ and type
$(e \to f) \cap (d \to e)$. We cannot unify these types by removing the
intersection, using idempotence $T \cap T = T$; we would have to solve the
equation $a \to b = b$, which does not have a solution in absence of
recursive types.

This inference problem can be solved by introducing an intersection in the
typing of $M_1$, using expansion.

$$M_1 : \langle z : a_1 \cap a_2 \vdash (((a_1 \to b_1) \to b_1 \cap (a_2 \to b_2) \to b_2) \to c) \to c\rangle$$

We can then unify the two types as required by applying the substitution
$e := a_1 \to b_1$, $f := b_1$, $d := a_2 \to a_1 \to b_1$, $b_2 := a_1 \to b_1$,
$c := (a_2 \to a_1 \to b_1) \to b_1$.

The expansion operation simulates on typings the use of an intersection
introduction typing rule at a nested position in the typing derivation. The above
expansion on the typing of $M_1$ transforms the typing derivation on the left in
the figure below into the derivation on the right (we write @ for the application
typing rule, $\lambda$ and $\cap$ for respectively abstraction and intersection
introductions),

[Figure: typing derivation of $M_1$ before (left) and after (right) the
expansion; the derivation trees are not recoverable from the extracted text.]

where $T = ((a_1 \to b_1) \to b_1) \cap ((a_2 \to b_2) \to b_2)$.

Earlier definitions of expansion [3,19] are quite difficult to follow and to
implement. Expansion variables (or E-variables) were introduced by Kfoury and
Wells in System I [8] to simplify expansion application. The construct has then
been improved in System E [1]. An E-variable $e$ is a placeholder for unknown
uses of typing rules such as $\cap$-introduction. For example, the following
typing derivation for $M_1$

[Figure: typing derivation of $M_1$ with an E-variable $e$ inserted above the
subderivation for $\lambda y.y\,z$; the derivation tree is not recoverable from
the extracted text.]

generates this typing:

$$M_1 : \langle z : e\,a \vdash (e\,((a \to b) \to b) \to c) \to c\rangle$$

Note that the variable $e$ is introduced in the result type as well as in the
type environment. One can then perform the previous expansion by replacing $e$ by
the expansion term $(a := a_1, b := b_1) \cap (a := a_2, b := b_2)$, which
introduces an intersection $\cap$ at the $e$ position and applies a different
substitution for each branch of the intersection. We then obtain the desired
typing with intersection, given above.



Motivation. The idea behind expansion is fairly general, even if it has been
defined only in systems with intersection types. It allows postponing the uses
of non-syntactic typing rules, i.e., rules that are not driven by the syntax of
terms, such as $\cap$-introduction, but also $\forall$-introduction and
$\forall$-elimination. This is helpful in type inference scenarios: constructor
introductions or eliminations can be delayed until all necessary information has
been gathered. In the above example, we introduce an intersection in the typing
of $M_1$ only when we have to, when applying $M_1$ to $M_2$. We want to bring
this possibility of delaying the choice of uses of typing rules to type systems
with $\forall$-quantifiers, to see how (compositional) type inference could
benefit from this property. We present an extension of System F with an expansion
mechanism, called System $F_s$. Before going into the details of its syntax in
Section 2, we first informally introduce System $F_s$ and point out the main
differences between its expansion mechanism and the one of System E.



1.2 Overview of System $F_s$

Quantifier introduction. Assume that we have the following typings for the terms
$M_1$ and $M_2$ given above.

$$M_1 : \langle z : a \vdash \underbrace{(((a \to b) \to b) \to c)}_{T_1} \to c\rangle$$

$$M_2 : \langle \emptyset \vdash \underbrace{(\forall e.((d \to e) \to e)) \to (d \to d \to f) \to f}_{T_2}\rangle$$

Suppose we have forgotten $M_1$ and $M_2$ (e.g., we have already compiled them
and discarded the source code), and we want to type the application $M_1\,M_2$.
We need to "unify" $T_1$ and $T_2$. We cannot unify $(a \to b) \to b$ and
$\forall e.((d \to e) \to e)$ using only type substitutions, because of the
$\forall$-quantifier. This $\forall$-quantifier is necessary, because the term
$g$ is used twice in $M_2$ with different usage types. We can solve this problem
by introducing in $T_1$ a $\forall$-quantifier over $b$, the scope of which
encompasses $(a \to b) \to b$. To this end, we introduce an expansion variable
$s$ at the required position in the typing of $M_1$ (we use $s$ instead of $e$ to
avoid confusion with the E-variables of System E).

$$M_1 : \langle z : a \vdash (s^{\{a\}}\,((a \to b) \to b) \to c) \to c\rangle$$

Unlike expansion variables in System E, $s$ is not introduced in the type
environment; the application of $s$ to the typing is asymmetric. We discuss the
role of the superscript $\{a\}$ below. A $\forall$-quantifier over $b$ can be
introduced at the position we want by replacing $s$ by the expansion term
$\forall b$. This operation corresponds to the following transformation on
derivation trees

[Figure: typing derivation of $M_1$ before and after the expansion, the second
one assigning $x$ the type $(\forall b.((a \to b) \to b)) \to c$; the derivation
trees are not recoverable from the extracted text.]

and generates the typing

$$M_1 : \langle z : a \vdash (\forall b.((a \to b) \to b) \to c) \to c\rangle$$

as wished. We can then unify $\forall b.((a \to b) \to b) \to c$ with $T_2$, by
substituting $d$ for $a$ and $(d \to d \to f) \to f$ for $c$. The key point is we
can get the new typing without needing to build the typing derivation (or have
any memory of $M_1$).

When we introduce a $\forall$-quantifier, we forbid any quantification over type
variables that are free in the type environment. To take this into account, we
keep the set of free variables of the environment as a parameter of the
E-variable. For example, when we introduce $s$ in the typing of $M_1$, $a$ is the
only free variable occurring in the environment; we remember the set $\{a\}$ in
$s^{\{a\}}$. This prevents any illegal quantification from happening; replacing
$s$ by the expansion $\forall a$ does not introduce a quantification over $a$ in
this case and leaves the typing judgement unchanged.

Subtyping. E-variables can be used to perform subtyping as well. Consider
System F $\forall$-elimination as a subtyping relation:
$\forall a.T_1 < [a := T_2]T_1$. Let
$A = \mathit{choose} : \forall a.(a \to a \to a),\ \mathit{id} : \forall a.(a \to a)$
and suppose we want to type the application $M = \mathit{choose}\ \mathit{id}$
under $A$ (this example is taken from [11]). We can derive the typing
$\langle A \vdash (\forall a.(a \to a)) \to (\forall a.(a \to a))\rangle$ for $M$;
however if we want to apply $M$ to a term of type $b \to b$, we have to redo the
type inference on $M$ to obtain the needed typing
$\langle A \vdash (b \to b) \to (b \to b)\rangle$.

To avoid this, we add an E-variable $s$ on top of the type of $\mathit{id}$; we
obtain the following typing derivation (nodes marked with a type represent uses
of subtyping, i.e., in our case, instantiations of $\forall$-quantifiers)

[Figure: derivation tree with leaves $\mathit{choose} : \forall a.(a \to a \to a)$
and $\mathit{id} : \forall a.(a \to a)$, a subtyping node $T \to T \to T$ and a
node $s$; the layout is not recoverable from the extracted text.]

with $T = s\,\forall a.(a \to a)$, giving typing

$$M : \langle A \vdash (s\,\forall a.(a \to a)) \to (s\,\forall a.(a \to a))\rangle$$

If we want to apply $M$ to a term $M'$ of type $b \to b$, we utilize expansion to
introduce the use of subtyping $\forall a.(a \to a) < b \to b$ at the $s$
position in the typing tree. In the process, the type $T \to T \to T$ is updated
into $(b \to b) \to (b \to b) \to (b \to b)$. We obtain

[Figure: the same derivation tree with subtyping nodes
$(b \to b) \to (b \to b) \to (b \to b)$ and $b \to b$; the layout is not
recoverable from the extracted text.]

with typing $M : \langle A \vdash (b \to b) \to (b \to b)\rangle$, and we can then
type $M\,M'$. In fact, the expansion mechanism for subtyping introduction does
not depend on the definition of $<$, and therefore we keep System $F_s$
parametric in its subtyping relation.

1.3 Summary of contributions 

We define System $F_s$ and present its principal properties. Improvements over
previous work are as follows:

1. System $F_s$ is the first type system with an expansion mechanism for
$\forall$-quantifiers, where we can delay $\forall$-introduction and uses of
subtyping with expansion.

2. System $F_s$ extends the notion of expansion; we introduce a new expansion
mechanism with its corresponding (asymmetric) E-variables, which differ
greatly from the ones of System E [1].

3. We prove that we can generate all System $F_s$ judgements from an initial
skeleton, an incomplete typing derivation with constraints that need to be
solved. This property is a (weaker) form of principality (Theorem 5.4).

4. System $F_s$ is parametric in its subtyping relation; by using different
subtyping relations (such as System F type application or Mitchell's relation
[16]), one can change the typing power of System $F_s$ without modifying the
typing rules or judgements.

5. System $F_s$ turns type inference into a type constraint solving problem. We
believe it can be helpful to reason about modular type inference, even if we
do not provide a constraint solving algorithm yet.

The proofs are available in the appendices.

$$\begin{array}{rcl}
x \in \mathrm{TermVar} & ::= & x_i \\
a, b \in \mathrm{TypeVar} & ::= & a_i \\
s \in \mathrm{ExpVar} & ::= & s_i \\
B & \in & \mathcal{P}_{\mathrm{fin}}(\mathrm{TypeVar}) \\
M \in \mathrm{Term} & ::= & x \mid \lambda x.M \mid M_1 \mathbin{@} M_2 \\
T \in \mathrm{Type} & ::= & a \mid T_1 \to T_2 \mid \forall a.T \mid s^B\,T \\
S \in \mathrm{Substitution} & ::= & a := T, S \mid s := L, S \mid \Box \\
L \in \mathrm{Expansion} & ::= & \odot \mid \forall a.L \mid s^B\,L \mid L^{:T} \\
\Delta \in \mathrm{Constraint} & ::= & \top \mid T_1 < T_2 \mid \Delta_1 \wedge \Delta_2 \mid \exists a.\Delta \mid s^B_T\,\Delta \\
A \in \mathrm{TypeEnv} & ::= & \emptyset \mid A, x : T \\
Q \in \mathrm{Skeleton} & ::= & x^A \mid \lambda x.Q \mid Q_1 \mathbin{@} Q_2 \mid \forall a.Q \mid s^B\,Q \mid Q^{:T}
\end{array}$$

Fig. 1: Syntax grammars and metavariable conventions

2 Syntax 

Fig. 1 defines the grammars and metavariable conventions of the entities used
in this paper. Let $i$, $j$, $m$, $n$ range over natural numbers. Given a set
$X$, we write $\mathcal{P}_{\mathrm{fin}}(X)$ for the set of finite subsets of
$X$. We distinguish between the metavariables $x$, $a$, $s$, and the concrete
variables $x_i$, $a_i$, $s_i$. The (non-standard) symbol @ used for application
helps in reading skeletons, and we keep it for terms for consistency. We explain
the role of constraints ($\Delta$) and skeletons ($Q$) in Section 3, and the
syntax of expansion terms ($L$) and substitutions ($S$) in Section 4.

Precedence. To reduce parenthesis usage, we define precedence for operators
and operations defined later (such as substitution and expansion applications
$[S]T$ and $[\![L]\!]^B\,T$) in the following order, from highest to lowest:
$s^B\,T$, $\forall a.T$, $[S]T$, $[\![L]\!]^B\,T$, $T_1 \to T_2$. For example,
$[S]T_1 \to s^B\,T_2 = ([S]T_1) \to (s^B\,T_2)$ and
$\forall a.a \to \forall a.a = (\forall a.a) \to (\forall a.a)$. Furthermore, the
function type constructor is right-associative, so that
$T_1 \to T_2 \to T_3 = T_1 \to (T_2 \to T_3)$, and the application
is left-associative, so that $M_1 @ M_2 @ M_3 = (M_1 @ M_2) @ M_3$.

$$\frac{}{x^A \rhd x : \langle A \vdash A(x)\rangle/\top}\ (\mathrm{var})
\qquad
\frac{Q \rhd M : \langle A, x : T_1 \vdash T_2\rangle/\Delta}{\lambda x.Q \rhd \lambda x.M : \langle A \vdash T_1 \to T_2\rangle/\Delta}\ (\mathrm{abs})$$

$$\frac{Q_1 \rhd M_1 : \langle A \vdash T_1 \to T_2\rangle/\Delta_1 \qquad Q_2 \rhd M_2 : \langle A \vdash T_1\rangle/\Delta_2}{Q_1 @ Q_2 \rhd M_1 @ M_2 : \langle A \vdash T_2\rangle/(\Delta_1 \wedge \Delta_2)}\ (\mathrm{app})$$

$$\frac{Q \rhd M : \langle A \vdash T\rangle/\Delta \qquad a \notin \mathrm{ftv}(A)}{\forall a.Q \rhd M : \langle A \vdash \forall a.T\rangle/\exists a.\Delta}\ (\forall\text{-I})
\qquad
\frac{Q \rhd M : \langle A \vdash T\rangle/\Delta \qquad \mathrm{ftv}(A) \subseteq B}{s^B\,Q \rhd M : \langle A \vdash s^B\,T\rangle/s^B_T\,\Delta}\ (s\text{-I})$$

$$\frac{Q \rhd M : \langle A \vdash T_1\rangle/\Delta}{Q^{:T_2} \rhd M : \langle A \vdash T_2\rangle/(\Delta \wedge (T_1 < T_2))}\ (<)$$

Fig. 2: Typing rules

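Equalities and $\alpha$-conversion. We allow $\alpha$-conversion of bound
variables in types (where $\forall a.T$ binds $a$), skeletons (where
$\lambda x.Q$ binds $x$ and $\forall a.Q$ binds $a$), and constraints (where
$\exists a.\Delta$ binds $a$). Note that $a$ is not bound in the expansion
term $\forall a.L$, and therefore it cannot be $\alpha$-converted.

We equate types up to reordering of adjacent $\forall$-quantifiers (so
$\forall a_1.\forall a_2.T = \forall a_2.\forall a_1.T$), and suppression of
dummy quantifiers (if $a$ is not free in $T$, then $\forall a.T = T$). We also
enforce the following equalities on constraints

$$\begin{array}{lll}
\exists a.(\Delta_1 \wedge \Delta_2) = (\exists a.\Delta_1) \wedge (\exists a.\Delta_2) & \Delta \wedge \Delta = \Delta & \Delta \wedge \top = \Delta \\
s^B_T\,(\Delta_1 \wedge \Delta_2) = (s^B_T\,\Delta_1) \wedge (s^B_T\,\Delta_2) & \Delta_1 \wedge \Delta_2 = \Delta_2 \wedge \Delta_1 & \\
\Delta_1 \wedge (\Delta_2 \wedge \Delta_3) = (\Delta_1 \wedge \Delta_2) \wedge \Delta_3 & \exists a.\Delta = \Delta \text{ if } a \text{ is not free in } \Delta &
\end{array}$$

Auxiliary notations and functions. Let $\mathrm{fv}(M)$ be the set of free
variables of $M$, defined in the usual way. The free type variables of a type, an
expansion, and a substitution are defined as follows.

$$\begin{array}{ll}
\mathrm{ftv}(a) = \{a\} & \mathrm{ftv}(\odot) = \emptyset \\
\mathrm{ftv}(T_1 \to T_2) = \mathrm{ftv}(T_1) \cup \mathrm{ftv}(T_2) & \mathrm{ftv}(L^{:T}) = \mathrm{ftv}(L) \cup \mathrm{ftv}(T) \\
\mathrm{ftv}(\forall a.T) = \mathrm{ftv}(T) \setminus \{a\} & \mathrm{ftv}(\forall a.L) = \mathrm{ftv}(L) \cup \{a\} \\
\mathrm{ftv}(s^B\,T) = \mathrm{ftv}(T) \cup B & \mathrm{ftv}(s^B\,L) = \mathrm{ftv}(L) \cup B
\end{array}$$

$$\begin{array}{l}
\mathrm{ftv}(\Box) = \emptyset \\
\mathrm{ftv}(a := T, S) = \{a\} \cup \mathrm{ftv}(T) \cup \mathrm{ftv}(S) \\
\mathrm{ftv}(s := L, S) = \mathrm{ftv}(L) \cup \mathrm{ftv}(S)
\end{array}$$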



3 Typing rules 

A type environment $A$ (defined in Fig. 1) is a list of assignments which maps
term variables to types. When writing a non-empty environment, we allow omitting
the leading symbols "$\emptyset,$". A type environment is well-formed iff it does
not mention twice the same term variable. Henceforth, we consider only
well-formed type environments. For $A = x_1 : T_1, \ldots, x_n : T_n$, we define
$A(x_i) = T_i$ for $i \in \{1 \ldots n\}$,
$\mathrm{ftv}(A) = \bigcup_{i \in \{1 \ldots n\}} \mathrm{ftv}(T_i)$, and
$\mathrm{support}(A) = \{x_1 \ldots x_n\}$.

The typing rules of System $F_s$ (Fig. 2) derive judgements of the form
$Q \rhd M : \langle A \vdash T\rangle/\Delta$, where constraints that need to be
solved (by type inference) are accumulated in $\Delta$. A constraint of the form
$T_1 < T_2$ is called atomic. By including constraints in judgements, we can use
the same rules for type checking and type inference. If the constraint is solved
w.r.t. some subtyping relation, then the judgement acts as a regular typing
judgement, assigning typing $\langle A \vdash T\rangle$ to the untyped term $M$.

A skeleton $Q$ is just a proof term, a compact piece of syntax which represents
a complete typing derivation. A skeleton $Q$ is valid iff there exist $M$, $A$,
$T$, and $\Delta$ such that $Q \rhd M : \langle A \vdash T\rangle/\Delta$.
Henceforth, we consider only valid skeletons. All components of a judgement
$Q \rhd M : \langle A \vdash T\rangle/\Delta$ are uniquely determined by $Q$,
therefore we can define functions rtype and tenv such that
$\mathrm{rtype}(Q) = T$ and $\mathrm{tenv}(Q) = A$. Skeletons replace typing
derivation trees in formal statements. For example,
$\lambda x.(x^{x:\forall a.a})^{:(\forall a.a) \to b} \mathbin{@} x^{x:\forall a.a}$
represents the following derivation.

$$\dfrac{\dfrac{\dfrac{x : \langle x : \forall a.a \vdash \forall a.a\rangle/\top}{x : \langle x : \forall a.a \vdash (\forall a.a) \to b\rangle/(\forall a.a < (\forall a.a) \to b)} \qquad x : \langle x : \forall a.a \vdash \forall a.a\rangle/\top}{x @ x : \langle x : \forall a.a \vdash b\rangle/(\forall a.a < (\forall a.a) \to b)}}{\lambda x.x @ x : \langle \emptyset \vdash (\forall a.a) \to b\rangle/(\forall a.a < (\forall a.a) \to b)}$$

In examples, we sometimes omit skeletons and constraints when they are not
relevant, writing $M : \langle A \vdash T\rangle$ iff there exists $Q$, $\Delta$
such that $Q \rhd M : \langle A \vdash T\rangle/\Delta$.

Remark 3.1. A variable skeleton $x^A$ remembers a type environment $A$ and not
simply the type of $x$ to be able to type a variable $x$ in a term $\lambda x.M$
such that $x \notin \mathrm{fv}(M)$. For example, we have
$\lambda x.y^{x:a,\,y:b} \rhd \lambda x.y : \langle y : b \vdash a \to b\rangle/\top$.

We could have used $\lambda$-terms with only type annotations on bindings, like
many other systems, but our skeletons are also useful because they uniquely
represent entire typing derivations (judgement trees). We also prefer our
skeletons because a goal for future work is a system containing both System E and
System $F_s$ (cf. Section 8), and our format of skeleton is better suited for the
intersection introduction typing rule of System E, as discussed in [26]. □

Rules (var), (abs), and (app) are classic. The subtyping rule ($<$) generates
a new atomic constraint, the meaning of which depends on the chosen subtyping
relation (cf. solvedness definition in Section 6.1). Rule ($\forall$-I)
introduces a $\forall$-quantifier over $a$, provided that $a$ is not free in $A$.
Note that $a$ may occur free in $\Delta$; we use an existential quantifier
$\exists a.\Delta$ to bind it, as solvedness requires $\Delta$ to be solved for
some $a$ (cf. Section 6.1), and not for all possible instantiations of $a$, as a
$\forall$-binder would suggest.

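Rule ($s$-I) introduces an expansion variable $s$ to mark a position in the
derivation tree where a $\forall$-quantifier can be added or where subtyping can
be used. Because a quantification over a free variable of $A$ is not allowed
(rule ($\forall$-I)), the E-variable remembers an over-approximation $B$ of
$\mathrm{ftv}(A)$, which is used by the expansion mechanism to prevent any
illegal $\forall$-introduction from happening. The type $T$ mentioned in
$s^B_T\,\Delta$ can be used during expansion to generate an atomic constraint
$T < T'$ if needed. We explain the expansion mechanism in detail in the next
section.

$$\begin{array}{rcl}
[\![\odot]\!]^B\,W & = & W \\
[\![\odot]\!]^B_T\,\Delta & = & \Delta \\
[\![s^{B'}\,L]\!]^B\,W & = & s^{B \cup B'}\,([\![L]\!]^B\,W) \\
[\![s^{B'}\,L]\!]^B_T\,\Delta & = & s^{B \cup B'}_{[\![L]\!]^B\,T}\,([\![L]\!]^B_T\,\Delta) \\
[\![\forall a.L]\!]^B\,W & = & \begin{cases} \forall a.[\![L]\!]^B\,W & \text{if } a \notin B \\ [\![L]\!]^B\,W & \text{otherwise} \end{cases} \\
[\![\forall a.L]\!]^B_T\,\Delta & = & \begin{cases} \exists a.[\![L]\!]^B_T\,\Delta & \text{if } a \notin B \\ [\![L]\!]^B_T\,\Delta & \text{otherwise} \end{cases} \\
[\![L^{:T_2}]\!]^B\,T_1 & = & T_2 \\
[\![L^{:T_2}]\!]^B\,Q & = & ([\![L]\!]^B\,Q)^{:T_2} \\
[\![L^{:T_2}]\!]^B_{T_1}\,\Delta & = & ([\![L]\!]^B_{T_1}\,\Delta) \wedge (([\![L]\!]^B\,T_1) < T_2)
\end{array}$$

Fig. 3: Expansion application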

Remark 3.2. The rule (var) may also introduce E-variables, as for example in
$x^{x:s\,a} \rhd x : \langle x : s\,a \vdash s\,a\rangle/\top$. In this case,
performing expansion at the position of $s$ does not correspond to a use of rules
($\forall$-I) or ($<$), and the set $B$ of type variables remembered by $s$ can
be any set. Indeed we can derive
$x^{x:s^B a} \rhd x : \langle x : s^B\,a \vdash s^B\,a\rangle/\top$ for any $B$. □

Remark 3.3. In rule ($s$-I), we can remember a set bigger than $\mathrm{ftv}(A)$
for subject reduction to hold. For example, consider the following judgement

$$Q \rhd (\lambda x.y) \mathbin{@} \lambda x.x : \langle y : b \vdash s^{\{a,b\}}\,b\rangle / s^{\{a,b\}}_{b}\,\top$$

with $Q = (\lambda x.s^{\{a,b\}}\,y^{x:a \to a,\,y:b}) \mathbin{@} \lambda x.x^{x:a,\,y:b}$.
The term $(\lambda x.y) \mathbin{@} \lambda x.x$ reduces to $y$, and to derive

$$s^{\{a,b\}}\,y^{y:b} \rhd y : \langle y : b \vdash s^{\{a,b\}}\,b\rangle / s^{\{a,b\}}_{b}\,\top$$

we have to be able to mention $a$ even if it does not appear in $y : b$. □

4 Substitution and expansion 
4.1 Expansion application 

The syntax of expansion terms is given in Fig. 1. Let $W$ range over types and
skeletons. Fig. 3 defines the application of expansion to types, skeletons, and
constraints. When applied to a type or a skeleton, the expansion mechanism relies
on a set of type variables $B$, used in introductions of E-variable and
$\forall$-quantifier; when applied to a constraint, it requires an extra
parameter (a type) to generate an appropriate atomic constraint if needed. Each
construct of expansion terms corresponds to the application of a non-syntactic
typing rule, except for the null expansion $\odot$, which leaves unchanged the
entities it is applied to.

Metavariables: $v ::= a \mid s$ and $\Phi ::= T \mid L$.

$$\begin{array}{rcll}
[\Box]a & = & a & \\
[\Box]s & = & s^{\emptyset}\,\odot & \\
[v := \Phi, S]v & = & \Phi & \\
[v := \Phi, S]v' & = & [S]v' & \text{if } v \neq v' \\
[S](s^B\,T) & = & [\![[S]s]\!]^{\mathrm{ftv}([S]B)}\,[S]T & \\
[S]\forall a.T & = & \forall a.[S]T & \text{if } a \notin \mathrm{ftv}(S) \\
[S](T_1 \to T_2) & = & [S]T_1 \to [S]T_2 & \\
[S]x^A & = & x^{[S]A} & \\
[S]\lambda x.Q & = & \lambda x.[S]Q & \\
[S](Q_1 @ Q_2) & = & ([S]Q_1) @ ([S]Q_2) & \\
[S](s^B\,Q) & = & [\![[S]s]\!]^{\mathrm{ftv}([S]B)}\,[S]Q & \\
[S]\forall a.Q & = & \forall a.[S]Q & \text{if } a \notin \mathrm{ftv}(S) \\
[S](Q^{:T}) & = & ([S]Q)^{:[S]T} & \\
[S](T_1 < T_2) & = & [S]T_1 < [S]T_2 & \\
[S]\top & = & \top & \\
[S](s^B_T\,\Delta) & = & [\![[S]s]\!]^{\mathrm{ftv}([S]B)}_{[S]T}\,[S]\Delta & \\
[S]\exists a.\Delta & = & \exists a.[S]\Delta & \text{if } a \notin \mathrm{ftv}(S) \\
[S](\Delta_1 \wedge \Delta_2) & = & ([S]\Delta_1) \wedge ([S]\Delta_2) &
\end{array}$$

Fig. 4: Substitution application

E-variable and $\forall$-quantifier expansions behave the same on types,
skeletons, and constraints. Applied with parameter $B$, the expansions
$s^{B'}\,L$ and $\forall a.L$ first execute $L$ and then introduce an E-variable
$s$ (with set $B \cup B'$ of variables that cannot be quantified) and a
quantifier over $a$ (iff $a \notin B$), respectively. When applied to all parts
of a judgement $Q \rhd M : \langle A \vdash T\rangle/\Delta$, we must have
$\mathrm{ftv}(A) \subseteq B$ for these operations to be sound w.r.t. rules
($s$-I) and ($\forall$-I) (cf. Lemma 4.1).

The expansion $L^{:T_2}$ first applies $L$ and then performs subtyping with
$T_2$, as we can see in the skeleton case. When applied to a type, only the
subtyping step matters, and we simply obtain $T_2$. Finally, the constraint case
$\Delta$ requires an extra parameter $T_1$ to generate a new atomic constraint.
In practice, $T_1$ will be the result type of the judgement
$Q \rhd M : \langle A \vdash T_1\rangle/\Delta$ from which $\Delta$ comes. When
$L^{:T_2}$ is applied to the above judgement, $L$ is applied first, in particular
to the type $T_1$. To take this into account, the generated constraint is
$([\![L]\!]^B\,T_1) < T_2$ (and not simply $T_1 < T_2$).

Expansion is sound w.r.t. the type system of System $F_s$.

Lemma 4.1. If $Q \rhd M : \langle A \vdash T\rangle/\Delta$ and
$\mathrm{ftv}(A) \subseteq B$, then
$[\![L]\!]^B\,Q \rhd M : \langle A \vdash [\![L]\!]^B\,T\rangle/[\![L]\!]^B_T\,\Delta$. □

Expansion operates only at the top-level of the typing judgement in Lemma 4.1; 
in order to expand at a deeply nested position, we have to replace an E-variable 
s by an expansion L, as explained in the next section. 

4.2 Substitution application 

Substitutions (defined in Fig. 1) are lists of assignments that map type
variables to types ($a := T$) and E-variables to expansions ($s := L$), ended by
the symbol $\Box$. Application of substitutions to type variable sets $B$ and
type environments $A$ is pointwise. Given a finite set of types
$\{T_1 \ldots T_n\}$, we define $\mathrm{ftv}(\{T_1 \ldots T_n\})$ as
$\bigcup_{i \in \{1 \ldots n\}} \mathrm{ftv}(T_i)$. Fig. 4 defines application of
substitutions to variables, types, skeletons, and constraints.

A substitution $S$ generates a type $T$ (resp. an expansion $L$) when applied to
a type variable $a$ (resp. to an E-variable $s$). A substitution may contain
several assignments for the same variable, as in
$S = (a := T_1, a := T_2, \Box)$; in this case, only the first one is considered.
We choose this design for simplicity; an alternate solution would be to
syntactically prevent repetitions in the substitution definition, but the
definition would then become more complex for no obvious gain.

The application of substitutions to types $s^B\,T$ is the most important case.

$$[S](s^B\,T) = [\![[S]s]\!]^{\mathrm{ftv}([S]B)}\,[S]T$$

The substitution $S$ is first applied to $s$, which gives us an expansion
$L = [S]s$, which is then applied to the type $[S]T$. We remember that $B$ is (an
over-approximation of) the set of free type variables that cannot be quantified
over, because they appear in the type environment at the time the variable $s$ is
introduced. If $S$ replaces a variable $a \in B$ by a type $T'$, then $T'$ now
appears in the type environment, and its free variables cannot be quantified
over. This explains why we have to apply the expansion
$[\![[S]s]\!]^{\mathrm{ftv}([S]B)}\,T$ with the set $\mathrm{ftv}([S]B)$ and not
simply with the set $B$. The application of $S$ to skeletons $s^B\,Q$ and to
constraints $s^B_T\,\Delta$ follows the same pattern.

Example 4.2. Let $M = \lambda x.x \mathbin{@} y$. We have

$$M : \langle y : a \vdash s^{\{a\}}\,((a \to b) \to b)\rangle$$

Applying $S_1 = (a := a_1 \to a_2, \Box)$ to this typing gives us

$$M : \langle y : a_1 \to a_2 \vdash s^{\{a_1,a_2\}}\,(((a_1 \to a_2) \to b) \to b)\rangle$$

Then applying $S_2 = (s := \forall b.\odot, \Box)$ gives us

$$M : \langle y : a_1 \to a_2 \vdash \forall b.(((a_1 \to a_2) \to b) \to b)\rangle$$

Note that the substitution $(s := \forall a'.\odot, \Box)$ would have left the
last judgement unchanged if $a' \in \{a_1, a_2\}$, and would have introduced a
dummy quantifier if $a' \notin \{b, a_1, a_2\}$. We can achieve the same effect as
doing $S_1$ before $S_2$ by applying the substitution
$S = (a := a_1 \to a_2, s := \forall b.\odot, \Box)$ to the initial judgement. □
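
The type cases of Fig. 3 and Fig. 4, replayed on Example 4.2. This is an added Python sketch, not code from the paper: the record names, the tagged-tuple encoding of substitutions (a list whose end plays the role of the identity substitution), and the choice to raise an error instead of $\alpha$-converting are assumptions made for the example.

```python
from dataclasses import make_dataclass

def node(name, *fields):
    """Immutable record type; equality is structural and class-sensitive."""
    return make_dataclass(name, fields, frozen=True)

# Types: T ::= a | T1 -> T2 | forall a.T | s^B T   (grammar of Fig. 1)
TVar, Arrow = node("TVar", "name"), node("Arrow", "dom", "cod")
Forall, EVar = node("Forall", "var", "body"), node("EVar", "s", "B", "body")
# Expansions: L ::= null | forall a.L | s^B L | L^{:T}
Null, LForall = node("Null"), node("LForall", "var", "rest")
LEVar, LSub = node("LEVar", "s", "B", "rest"), node("LSub", "rest", "target")

def ftv(x):
    """Free type variables of a type or an expansion (Section 2)."""
    if isinstance(x, TVar):
        return frozenset({x.name})
    if isinstance(x, Arrow):
        return ftv(x.dom) | ftv(x.cod)
    if isinstance(x, Forall):
        return ftv(x.body) - {x.var}
    if isinstance(x, Null):
        return frozenset()
    if isinstance(x, LForall):
        return ftv(x.rest) | {x.var}      # a is NOT bound in an expansion
    if isinstance(x, LSub):
        return ftv(x.rest) | ftv(x.target)
    inner = x.body if isinstance(x, EVar) else x.rest   # s^B T or s^B L
    return ftv(inner) | x.B

def expand(L, B, T):
    """Expansion application to a type; B is the non-quantifiable set."""
    if isinstance(L, Null):
        return T
    if isinstance(L, LSub):               # on types only the subtyping step matters
        return L.target
    inner = expand(L.rest, B, T)          # both remaining cases run L first
    if isinstance(L, LEVar):
        return EVar(L.s, B | L.B, inner)
    return inner if L.var in B else Forall(L.var, inner)

def lookup(S, kind, name):
    """First assignment wins; falling off the end is the identity substitution."""
    for k, n, value in S:
        if (k, n) == (kind, name):
            return value
    return TVar(name) if kind == "type" else LEVar(name, frozenset(), Null())

def ftv_subst(S):
    out = frozenset()
    for kind, name, value in S:
        out |= ftv(value) | ({name} if kind == "type" else frozenset())
    return out

def subst(S, T):
    """Substitution application to a type."""
    if isinstance(T, TVar):
        return lookup(S, "type", T.name)
    if isinstance(T, Arrow):
        return Arrow(subst(S, T.dom), subst(S, T.cod))
    if isinstance(T, Forall):
        if T.var in ftv_subst(S):         # side condition: a not in ftv(S)
            raise ValueError("alpha-convert the bound variable first")
        return Forall(T.var, subst(S, T.body))
    # s^B T: apply the expansion [S]s with the updated set ftv([S]B)
    new_B = frozenset().union(*(ftv(lookup(S, "type", a)) for a in T.B))
    return expand(lookup(S, "exp", T.s), new_B, subst(S, T.body))

def show(T):
    if isinstance(T, TVar):
        return T.name
    if isinstance(T, Arrow):
        return f"({show(T.dom)} -> {show(T.cod)})"
    if isinstance(T, Forall):
        return f"forall {T.var}.{show(T.body)}"
    return f"{T.s}^{{{','.join(sorted(T.B))}}} {show(T.body)}"

def example_4_2():
    a, b, a1, a2 = (TVar(n) for n in ("a", "b", "a1", "a2"))
    start = EVar("s", frozenset({"a"}), Arrow(Arrow(a, b), b))
    S1 = [("type", "a", Arrow(a1, a2))]
    S2 = [("exp", "s", LForall("b", Null()))]
    step1 = subst(S1, start)              # the set {a} becomes {a1, a2}
    step2 = subst(S2, step1)              # forall b is introduced at s
    combined = subst(S1 + S2, start)      # one substitution, same result
    # Quantifying over a1 is refused: a1 is in the set remembered by s.
    blocked = subst([("exp", "s", LForall("a1", Null()))], step1)
    return step1, step2, combined, blocked

if __name__ == "__main__":
    for t in example_4_2():
        print(show(t))
```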

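Example 4.3. Let $T = \forall a.(a \to a)$. We have

$$\lambda x.s\,((x^{x:T})^{:T \to T} \mathbin{@} x^{x:T}) \rhd \lambda x.x \mathbin{@} x : \langle \emptyset \vdash T \to s\,T\rangle / s_T\,(T < T \to T)$$

Applying substitution $S = (s := \odot^{:b \to b}, \Box)$ gives us

$$\lambda x.((x^{x:T})^{:T \to T} \mathbin{@} x^{x:T})^{:b \to b} \rhd \lambda x.x \mathbin{@} x : \langle \emptyset \vdash T \to b \to b\rangle/\Delta$$

where $\Delta = (T < b \to b) \wedge (T < T \to T)$. Subtyping has been introduced
at a nested position (under the $\lambda$), generating the expected constraint
$T < b \to b$. □

[Rule for variables: not recoverable from the extracted text.]

$$\frac{C, x : a \vdash M \rhd Q \qquad s \notin \mathrm{allvar}(Q) \qquad B = \mathrm{ftv}(\mathrm{tenv}(\lambda x.Q))}{C \vdash \lambda x.M \rhd s^B\,(\lambda x.Q)}$$

$$\frac{\begin{array}{c} C \vdash M_1 \rhd Q_1 \qquad C \vdash M_2 \rhd Q_2 \qquad Q = Q_1^{\,:\mathrm{rtype}(Q_2) \to a} \mathbin{@} Q_2 \qquad B = \mathrm{ftv}(\mathrm{tenv}(Q)) \\ (\mathrm{allvar}(Q_1) \cap \mathrm{allvar}(Q_2)) \setminus \mathrm{ftv}(C) = \emptyset \qquad \{a, s\} \cap (\mathrm{allvar}(Q_1) \cup \mathrm{allvar}(Q_2)) = \emptyset \end{array}}{C \vdash M_1 \mathbin{@} M_2 \rhd s^B\,Q}$$

$$\frac{C \vdash M \rhd Q \qquad \mathrm{support}(C) = \mathrm{fv}(M)}{\vdash M \rhd Q}$$

Fig. 5: Initial skeletons of a term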



Substituting a variable $s$ by an expansion $L$ makes $s$ disappear. As a result,
one can use the null expansion $\odot$ to delete an E-variable $s$ from a type
$s^B\,T$. If $S = (s := \odot, \Box)$, then
$[S](s^B\,T) = [\![\odot]\!]^B\,[S]T = [S]T$ (the occurrences of $s$ in $T$ are
also removed). An expansion $L$ can be applied at the location of a variable $s$
without making $s$ disappear using the substitution $S = (s := s\,L, \Box)$.
Indeed we have $[S](s^B\,T) = [\![s\,L]\!]^B\,[S]T = s^B\,[\![L]\!]^B\,[S]T$. The
substitution $\Box$ is the identity substitution; it leaves variables, types,
skeletons, and constraints unchanged. For example, for E-variables, we have
$[\Box](s^B\,T) = [\![s^{\emptyset}\,\odot]\!]^B\,[\Box]T = s^B\,[\Box]T$. The
remaining cases of substitution application are straightforward descending cases.
The resulting operation is sound w.r.t. System $F_s$ type system.

Theorem 4.4. If $Q \rhd M : \langle A \vdash T\rangle/\Delta$ then
$[S]Q \rhd M : \langle [S]A \vdash [S]T\rangle/[S]\Delta$. □

5 Initial Skeletons 

In this section, we prove that we can generate all System $F_s$ judgements for a
term $M$ from an initial skeleton built from $M$.

We first show that we can obtain relevant skeletons; a skeleton $Q$ such that
$Q \rhd M : \langle A \vdash T\rangle/\Delta$ is relevant if
$\mathrm{fv}(M) = \mathrm{support}(A)$. In words, the type environment of a
relevant skeleton does not mention more term variables than necessary. A variable
environment $C$ is a type environment which assigns type variables to expression
variables and such that for all $x$, $y$ such that $x \neq y$, we have
$C(x) \neq C(y)$. We write $\mathrm{allvar}(Q)$ for the set of free type and
E-variables occurring in $Q$. Fig. 5 defines a judgement $\vdash M \rhd Q$, which
means that $Q$ is an initial skeleton for $M$. The main ideas behind this
construct are as follows: first, we type each variable in $\mathrm{fv}(M)$ with a
distinct type variable (using the environment $C$ mentioned in the auxiliary
judgement $C \vdash M \rhd Q$). Then we introduce a (fresh) E-variable at every
possible position in the skeleton. Finally, we use subtyping to ensure that a
term in a function position in an application has an arrow type. Two initial
skeletons for the same term are equivalent up to renaming of their variables, as
stated in the lemma below (where we call an expansion of the form $s^B\,\odot$ an
E-expansion).

Lemma 5.1. Let $Q_1$, $Q_2$ such that $\vdash M \rhd Q_1$ and $\vdash M \rhd Q_2$.
There exists a substitution $S$ which maps type variables to type variables and
E-variables to E-expansions such that $Q_1 = [S]Q_2$. □

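Example 5.2. Let $M = \lambda x.x \mathbin{@} x$. Then

$$Q = s_3^{\emptyset}\,\lambda x.s_2^{\{a_0\}}\,((s_0^{\{a_0\}}\,x^{x:a_0})^{\,:s_1^{\{a_0\}} a_0 \to a_1} \mathbin{@} s_1^{\{a_0\}}\,x^{x:a_0})$$

is an initial skeleton for $M$ and we have

$$Q \rhd M : \langle \emptyset \vdash s_3^{\emptyset}\,(a_0 \to s_2^{\{a_0\}}\,a_1)\rangle/\Delta$$

with
$\Delta = {s_3}^{\emptyset}_{a_0 \to s_2^{\{a_0\}} a_1}\ {s_2}^{\{a_0\}}_{a_1}\,((s_0^{\{a_0\}}\,a_0 < s_1^{\{a_0\}}\,a_0 \to a_1) \wedge {s_0}^{\{a_0\}}_{a_0}\,\top \wedge {s_1}^{\{a_0\}}_{a_0}\,\top)$.

Roughly, the variables ($s_i$) can be used to introduce $\forall$-quantifiers or
subtyping at their respective positions. For example, let
$T = \forall a.(a \to a)$ and
$S = (a_0 := T, a_1 := T, s_0 := \odot, s_1 := \odot, s_2 := \odot^{:b \to b}, s_3 := \forall b.\odot, \Box)$.
Applying $S$ to the above typing judgement, we obtain

$$\forall b.\lambda x.((x^{x:T})^{:T \to T} \mathbin{@} x^{x:T})^{:b \to b} \rhd M : \langle \emptyset \vdash \forall b.(T \to b \to b)\rangle/[S]\Delta$$

with $[S]\Delta = \exists b.((T < T \to T) \wedge (T < b \to b))$. □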

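In the following, we use a predicate refl to check that a constraint is built
from atomic constraints of the form $T < T$. The formal definition is

$$\frac{}{\mathrm{refl}(\top)} \qquad \frac{}{\mathrm{refl}(T < T)} \qquad \frac{\mathrm{refl}(\Delta)}{\mathrm{refl}(\exists a.\Delta)} \qquad \frac{\mathrm{refl}(\Delta)}{\mathrm{refl}(s^B_T\,\Delta)} \qquad \frac{\mathrm{refl}(\Delta_1) \quad \mathrm{refl}(\Delta_2)}{\mathrm{refl}(\Delta_1 \wedge \Delta_2)}$$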

A reflexive constraint is always solved w.r.t. a reflexive subtyping relation (see 
solvedness definition in the next section). From any initial skeleton of M, we can 
obtain all relevant skeletons for M. 

Lemma 5.3. Let $\vdash M \rhd Q$. Let $Q'$ relevant such that
$Q' \rhd M : \langle A \vdash T\rangle/\Delta$. There exists $S$ such that
$[S]Q \rhd M : \langle A \vdash T\rangle/(\Delta \wedge \Delta')$ with $\Delta'$
reflexive. □

Note that in the above lemma, we do not have $[S]Q = Q'$, and we obtain an
approximation of $\Delta$. By construction, an initial skeleton $Q$ uses
subtyping at each application node to generate an atomic constraint. Applying $S$
turns these constraints into reflexive ones, but it cannot completely remove
them. Therefore, $[S]Q$ is similar to $Q'$ up to these uses of (reflexive)
subtyping at application nodes.

To generate all possible typing derivations, we add a weakening rule to be
able to extend a type environment.

$$\frac{Q \rhd M : \langle A_1 \vdash T\rangle/\Delta \qquad \mathrm{support}(A_1) \cap \mathrm{support}(A_2) = \emptyset}{Q^{A_2} \rhd M : \langle A_1, A_2 \vdash T\rangle/\Delta}$$

Theorem 5.4. Let $\vdash M \rhd Q$. If
$Q' \rhd M : \langle A \vdash T\rangle/\Delta$, then there exists $S$, $A'$ such
that $([S]Q)^{A'} \rhd M : \langle A \vdash T\rangle/(\Delta \wedge \Delta')$,
with $\Delta'$ reflexive. □

We emphasize that initial skeletons are quite different from principal typings:
initial skeletons are not typing derivations, because they contain unsolved
constraints, and all terms, even non typable ones, have an initial skeleton. To
obtain a principal typing from the initial skeleton, we need to solve the
constraints in a principal manner; we conjecture that it is not possible, i.e.,
System $F_s$ does not have principal typings, for the same reason as for
System F [25].

Nevertheless, we think that initial skeletons can be useful for modular type 
inference. First, note that we do not have to remember the skeleton itself or the 
term; the typing and constraint contain all the information we need. Besides, 
constraint solving can be divided into solution preserving steps, which produce 
an equivalent constraint, and solution reducing steps, where some information 
is lost. It is always possible to safely perform solution preserving steps, and one 
can periodically check if it is possible to apply solution reducing steps to find at 
least one solved typing. The best intermediate representation might be a typing 
on which all known solution preserving steps have been performed, together with 
(at least) one solution reducing step of that typing's constraint. We do not know 
in practice how many steps will be solution preserving versus solution reducing. 

An example use of System $F_s$ is to look for a subsystem of System F in 
which to do compositional type inference. System $F_s$ is a good framework in 
which to perform such a search, by considering various different restrictions of 
System $F_s$ until one is found with the right properties. Because all possible 
System F derivations can be obtained from System $F_s$ initial skeletons, we know in 
advance that the framework has the right amount of power. Such subsystems 
could also be characterized by a constraint solving algorithm. Instead of 
searching for a subsystem by varying the typing rules, we could vary the constraint 
solving algorithm, and when a nice algorithm is found, we could try to find a 
corresponding restriction directly stated on the typing rules. 



6 Solvedness and Subject Reduction 
6.1 Solvedness and System F 

A constraint $\Delta$ is solved w.r.t. a subtyping relation $\le$ if its atomic constraints 
are solved w.r.t. $\le$. Formally, we define the predicate solved as follows. 

, T X <T 2 solved^, <) solved(Z\ 2 ,<) 

solved(T,<) 

solved(Ti < T 2 , <) solved(Z\i A A 2 , <) 

solved(Z\, <) solved(/i,<) 



solved(3a.Z\, <) solved(s^ A, <) 

A skeleton is solved if its constraint is solved. Solved skeletons correspond to 
typing derivations in the traditional sense. 

We can express System F in System $F_s$ by using the following relation $\le_F$. 

$$\forall a.T_1 \le_F [a := T_2, \square]T_1 \qquad (\forall\text{-E})$$

Because of the equality involving dummy quantifiers, the relation $\le_F$ is reflexive; 
indeed for $a \notin \mathrm{ftv}(T)$, we have $T = \forall a.T \le_F T$. Clearly, System $F_s$ equipped 
with $\le_F$ extends System F. Conversely, it is easy to see that a term typable in 
System $F_s$ is typable in F once we erase all the E-variables. 

Proposition 6.1. A term is typable in System F iff it is typable in System $F_s$ 
with $\le_F$. □ 



6.2 Subject Reduction 

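We now present the subject reduction result of System $F_s$ with $\le_F$ w.r.t. 
call-by-value semantics. Let $V$ range over values, i.e. $V ::= x \mid \lambda x.M$. We write 
$[x := M_1]M_2$ for the usual capture-avoiding substitution of terms. We define 
small-step call-by-value evaluation $M \longrightarrow M'$ as the smallest relation on terms 
verifying the following rules: 

$$(\lambda x.M) \mathbin{@} V \longrightarrow [x := V]M$$

$$\frac{M_1 \longrightarrow M_1'}{M_1 \mathbin{@} M_2 \longrightarrow M_1' \mathbin{@} M_2} \qquad \frac{M \longrightarrow M'}{V \mathbin{@} M \longrightarrow V \mathbin{@} M'}$$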
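The three evaluation rules above, written out as a small-step interpreter with capture-avoiding substitution. This is an added example, not code from the paper; the `Var`/`Lam`/`App` classes, the function names and the sample terms are assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import count
from typing import List, Optional, Union


@dataclass(frozen=True)
class Var:
    name: str


@dataclass(frozen=True)
class Lam:
    param: str
    body: "Term"


@dataclass(frozen=True)
class App:  # written M1 @ M2 in the text
    fn: "Term"
    arg: "Term"


Term = Union[Var, Lam, App]


def is_value(m: Term) -> bool:
    """V ::= x | lambda x.M  (variables count as values in this definition)."""
    return isinstance(m, (Var, Lam))


def free_vars(m: Term) -> frozenset:
    if isinstance(m, Var):
        return frozenset({m.name})
    if isinstance(m, Lam):
        return free_vars(m.body) - {m.param}
    return free_vars(m.fn) | free_vars(m.arg)


def fresh(base: str, avoid: frozenset) -> str:
    """First name base1, base2, ... that does not occur in `avoid`."""
    return next(f"{base}{i}" for i in count(1) if f"{base}{i}" not in avoid)


def subst(x: str, n: Term, m: Term) -> Term:
    """[x := n]m, renaming a bound variable when it would capture one of n's."""
    if isinstance(m, Var):
        return n if m.name == x else m
    if isinstance(m, App):
        return App(subst(x, n, m.fn), subst(x, n, m.arg))
    if m.param == x:                      # x is shadowed: nothing to replace
        return m
    if m.param in free_vars(n) and x in free_vars(m.body):
        new = fresh(m.param, free_vars(n) | free_vars(m.body) | {x})
        renamed = subst(m.param, Var(new), m.body)
        return Lam(new, subst(x, n, renamed))
    return Lam(m.param, subst(x, n, m.body))


def step(m: Term) -> Optional[Term]:
    """One call-by-value step, or None if no rule applies (value or stuck)."""
    if not isinstance(m, App):
        return None                       # no reduction under a lambda
    if not is_value(m.fn):                # rule: M1 -> M1'  =>  M1@M2 -> M1'@M2
        fn2 = step(m.fn)
        return None if fn2 is None else App(fn2, m.arg)
    if not is_value(m.arg):               # rule: M -> M'  =>  V@M -> V@M'
        arg2 = step(m.arg)
        return None if arg2 is None else App(m.fn, arg2)
    if isinstance(m.fn, Lam):             # rule: (lambda x.M)@V -> [x := V]M
        return subst(m.fn.param, m.arg, m.fn.body)
    return None                           # x @ V: stuck


def evaluate(m: Term, fuel: int = 1000) -> List[Term]:
    """Reduction sequence from m; raises if it is longer than `fuel` steps."""
    trace = [m]
    for _ in range(fuel):
        nxt = step(trace[-1])
        if nxt is None:
            return trace
        trace.append(nxt)
    raise RuntimeError("no normal form within the step budget")


def show(m: Term) -> str:
    if isinstance(m, Var):
        return m.name
    if isinstance(m, Lam):
        return f"(\\{m.param}.{show(m.body)})"
    return f"({show(m.fn)} @ {show(m.arg)})"


if __name__ == "__main__":
    ID = Lam("x", Var("x"))
    # Constructed sample term: the function position is reduced first.
    for t in evaluate(App(App(ID, ID), App(ID, Var("z")))):
        print(show(t))
```

Because the function position is reduced before the argument and nothing is reduced under a λ, `step` is deterministic; a term such as `x @ V` is neither a value nor reducible.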



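Theorem 6.2. If $Q \triangleright M : \langle A \vdash T\rangle/\Delta$, $\mathrm{solved}(\Delta, \le_F)$, and $M \longrightarrow M'$, then 
there exist $Q'$, $\Delta'$ such that $Q' \triangleright M' : \langle A \vdash T\rangle/\Delta'$ and $\mathrm{solved}(\Delta', \le_F)$. □ 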

We prove Theorem 6.2 by defining a transformation on $Q$ so that skeletons in 
a function position of an application, such as $Q_1$ in $Q_1 \mathbin{@} Q_2$, are turned into 
$\lambda$-abstraction skeletons. A substitution lemma then allows us to simulate 
$\beta$-reduction by replacing the occurrences of a variable skeleton $x^A$ in a skeleton 
$\lambda x.Q_1$ by $Q_2$. This proof technique depends on the subtyping relation being used. 
We conjecture it can be adapted to various relations (such as Mitchell's [16]), but 
nevertheless we look for a more generic proof technique (less dependent on the 
subtyping relation). We prove subject reduction only for call-by-value evaluation 
for simplicity; we conjecture that subject reduction also holds for call-by-need 
and call-by-name semantics, and for reduction in arbitrary contexts. 



7 Related Work 
7.1 Expansion 

A full survey on expansion and expansion variables can be found in [2]; we only 
discuss here the main differences between System $F_s$ and System E, the type 
system with expansion most closely related to our work. System E E-variables are 
introduced on top of skeletons, type environments, result types, and constraints, 
while System $F_s$ E-variables are not inserted on top of type environments (rule 
(s-I)). The System $F_s$ expansion mechanism deals with subtyping, while System E 
expansion does not. In System E, an E-variable $e$ defines a namespace. In type 
$T_1 = a \to e\,a$, the variable $a$ outside $e$ is not connected to the one in the scope of 
$e$; applying substitution $(a := T_2, \square)$ to $T_1$ gives $T_2 \to e\,a$. This is due to the fact 
that substitutions are a special case of System E expansions (see [2] for further 
details). It also makes composition of expansions and substitutions easier. In 
System $F_s$, substitutions cannot be considered as expansions, because they are 
applied to the whole typing judgement (Theorem 4.4), whereas the asymmetric 
expansions of System $F_s$ are not applied to the type environments (Lemma 4.1). 
As a result, it would be unsound for System $F_s$ E-variables to create namespaces. 
It is difficult to have a symmetric expansion in System $F_s$, because subtyping does 
not operate uniformly on typings (it is usually contravariant on the environment 
and covariant on the result type). It is possible to design System $F_s$ with two 
kinds of E-variables (one, symmetric, to handle substitutions and $\forall$-introduction, 
and one, asymmetric, for subtyping), but it would make the system much more 
complex for no clear profit. 

7.2 Type Inference in System F 

Type inference in System F is undecidable [24]; however many different 
approaches have been conducted to circumvent this issue, by stratifying System F 
using a notion of rank, or by using type annotations to constrain type inference 
possibilities. 

Giannini and Ronchi's type constraints. In [6], Giannini and Ronchi Della Rocca 
consider a syntax-directed version of System F. The authors define a notion of 
typing scheme $\sigma$, with a syntax similar to the one of System F types, except that 
quantifiers $\forall u.T$ contain placeholders $u$ (called sequence variables), that can be 
replaced by a (possibly empty) set of type variables to give a System F type. For 
each term $M$, they also define a principal typing scheme $\Pi(M) = (D, \sigma, G, F)$, 
where $D$ is an environment that maps term variables to typing schemes, and $G$ 
and $F$ are constraints on the typing schemes occurring in $\sigma$ or $D$ that need to 
be satisfied. The set $G$ contains subtyping constraints $\sigma_1 \le_F \sigma_2$, and $F$ prevents 
certain quantifications from happening by restricting the possible values for the 
sequence variables $u$. 

The principal typing scheme $\Pi(M)$ is similar to our initial skeletons; if 
$\Pi(M) = (D, \sigma, G, F)$ and $Q \triangleright M : \langle A \vdash T\rangle/\Delta$ (with $Q$ an initial skeleton for 
$M$), then $D$ corresponds to $A$, $\sigma$ to $T$, $G$ to $\Delta$, and $F$ acts as the sets $B$ that 
appear in E-variables $s^B\,T$. Any System F typing $\langle A \vdash T\rangle$ of $M$ can be obtained 
from $D : \sigma$ by applying a substitution (from type variables to types and sequence 
variables to set of type variables) which satisfies constraints $G$ and $F$. This result 
corresponds to Theorem 5.4 in our system. 

System $F_s$ and the system of [6] differ mainly in their implementation. In 
particular, we have a mechanism to postpone subtyping (i.e., $\forall$-elimination), 
which does not have an equivalent in the system of Giannini and Ronchi. It seems 
that they do not need such mechanism, but to compensate for it, they have to 
generate more constraints when building their principal typing scheme $\Pi(M)$. 
We also believe that our system is easier to understand and easier to extend 
with other type constructors. Finally, Giannini and Ronchi define a notion of 
rank over System F types (distinct from Leivant's rank based on the presence 
of polymorphism on the left of function types [13]), and provide for all $n$ an 
inference algorithm for each restriction of their system to types of rank lower 
than $n$. We conjecture that this algorithm can be adapted to System $F_s$. 

ML$^F$ and its variants. ML$^F$ [10,11] is a conservative extension of ML at least as 
expressive as System F with principal types, i.e., result types whose instances 
(w.r.t. the ML$^F$ type instance relation $\preceq$) are exactly all possible result types for 
a term. The type system also enjoys decidable type inference (with a simple 
criterion on where type annotations are needed), and stability w.r.t. some program 
transformations, such as for example $\beta$-reduction and $\eta$-expansion. 

ML$^F$ types contain flexible quantifiers $\forall(a \succeq \sigma)\,\sigma'$, which roughly represent 
sets of System F types of the form $[a := T]T'$, where $T$ and $T'$ are instances of 
the type schemes $\sigma$, $\sigma'$. For example, $\forall(a \succeq \forall b(b \to b))\,(a \to a)$ represents the 
set $\{T \to T \mid \forall b(b \to b) \preceq T\}$. With flexible quantifiers, terms that do not have 
a principal type in System F (w.r.t. the System F type instance relation) have a 
principal type in ML$^F$. Decidable type inference is obtained in ML$^F$ by requiring 
type annotations on function parameters that are used two or more times with 
different type instances, so that the type inference algorithm never has to guess 
true polymorphism. Rigid bindings are used in ML$^F$ types and typing rules to 
distinguish between inferred and annotated types. They are not necessary for 
decidable type inference, and can be removed at the cost of additional type 
annotations, as in HML [12]. 

Boxed polymorphism. Boxed polymorphism [9,17] hides polymorphic types into 
boxes, considered as regular simple types. Several type systems follow this 
principle, such as PolyML [5], boxy types [23], and FPH [22]. We discuss only the 
most recent system, FPH. FPH is a type system based on System F, where boxes 
are used to mark where $\forall$-quantifiers have to be instantiated with polymorphic 
types. Provided that type annotations are given at these boxed positions, FPH 
type inference computes System F types (without any box) for terms. The system 
aims for simplicity for the programmer: only System F types are exposed, and 
writing type annotations does not require thinking in terms of boxes. Roughly, 
type annotations are necessary for $\lambda$-abstractions and let-bindings with rich 
types (i.e., types with quantifiers under arrow types). However, FPH is more 
restrictive than ML$^F$; more annotations are needed in general, and FPH terms 
admit principal types only for "box-free" types, not in general. 

ML$^F$, FPH, and System $F_s$ all aim for a modular type inference for System F 
types. It is difficult to compare our work to these two systems, because we do not 
propose a type inference algorithm for System $F_s$ yet. In particular, assuming we 
follow their approach, we do not know how many annotations would be necessary 
to make System $F_s$ type inference decidable. However, we can make the following 
observations. First, ML$^F$ and FPH only infer result types, while our objective 
is to also infer complete typing, in order to have a fully compositional type 
inference algorithm. ML$^F$ has principal types (w.r.t. their instance relation), 
while System $F_s$ has initial skeletons, and FPH has principal types only for 
box-free types (where $\forall$-quantified variables cannot be instantiated with polymorphic 
types). ML$^F$ types more terms than System F, while FPH and System $F_s$ type 
the same terms as System F. Finally, FPH and System $F_s$ are direct extensions 
of System F, and the constructions specific to these systems (the boxes and 
E-variables) can be kept away from the programmer most of the time (except in 
type error reports). On the other hand, ML$^F$ types and type instance relation $\preceq$ 
can be hard to understand, even in its simpler version HML. 

To illustrate the differences between the three type systems, we consider the 
following example (taken from [11,22]). Let $A = \mathit{choose} : \forall a.(a \to a \to a),\ \mathit{id} : \forall a.(a \to a)$ 
and $M = \mathit{choose} \mathbin{@} \mathit{id}$. We can derive the following typing judgement 
for $M$: 



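$F_s$:    $\langle A \vdash s_1\,((s_2\,\forall a.(a \to a)) \to (s_2\,\forall a.(a \to a)))\rangle$ 
ML$^F$:  $\langle A \vdash \forall(a \succeq \forall b(b \to b))\,(a \to a)\rangle$ 
FPH:     $\langle A \vdash \forall b((b \to b) \to (b \to b))\rangle$ and $\langle A \vdash \forall b(b \to b) \to \forall b(b \to b)\rangle$ 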



FPH can infer two result types for $M$, depending on the presence or absence 
of type annotations. These two incomparable types can be obtained from the 
(principal) ML$^F$ type (ignoring the boxes), and also from the System $F_s$ type, 
by applying the substitution (s2 ■= V&.<$>, si := 0' b ^ b , □ ) for the first one, and 
by simply erasing the E-variables for the second one. 

Both System $F_s$ E-variables and ML$^F$ flexible bindings factor several 
System F types and typing derivations that are incomparable in System F, as 
shown with the $\mathit{choose} \mathbin{@} \mathit{id}$ example. However, flexible bindings are more 
expressive and allow to type terms that are not typable in System F. Consider the 
example (taken from [11]) let $x = (\mathit{choose} \mathbin{@} \mathit{id})$ in let $z = x \mathbin{@} f$ in $x \mathbin{@} g$, where 
$f : \forall a.(a \to a) \to \forall a.(a \to a)$, $g : (b \to b) \to (b \to b)$. The ML$^F$ type for 
$\mathit{choose} \mathbin{@} \mathit{id}$ given above can be instantiated into the incomparable types of $f$ 
and $g$. The term cannot be typed in System F nor in System $F_s$. Adding 
quantification over E-variables would allow System $F_s$ to type this term; we could 
type $\mathit{choose} \mathbin{@} \mathit{id}$ with $\forall s.((s\,\forall a.(a \to a)) \to (s\,\forall a.(a \to a)))$ and instantiate $s$ 
with different expansions to obtain the types of $f$ and $g$. Adding quantification 
over E-variables should not raise any issue; we conjecture that it would allow 
System $F_s$ to type as many terms as ML$^F$. It would be interesting to see if there 
exists an encoding of ML$^F$ types into System $F_s$ types extended with quantified 
E-variables, and conversely. We leave this topic to future work. 



8 Conclusion and Future Work 

System $F_s$ is an extension of System F with expansion, an operation originally 
defined in systems with intersection types. Expansion allows postponing the 
introduction of $\forall$-quantifiers and subtyping uses at an arbitrary nested position 
in a typing derivation. For any term $M$, we can generate an initial skeleton, from 
which we can obtain any System $F_s$ judgement for $M$. We now give some ideas 
of follow-up on this work. 
Type inference algorithm. To obtain decidable type inference in System $F_s$, a first 
possibility is to use type annotations, as in ML$^F$ or FPH. The question is then to 
know how many annotations are necessary compared to these two systems. 
Another idea is to study the link between constraints solving and semi-unification. 
Given a constraint $T_1 \le T_2$, the semi-unification problem consists in finding $S_1$, 
$S_2$ so that $[S_2][S_1]T_1 = [S_1]T_2$. Vasconcellos et al. [21] used semi-unification to 
design and implement a type inference semi-algorithm for polymorphic 
recursion in Haskell. The authors claim that the algorithm terminates most of the 
time in practice. Maybe similar results can be obtained for System $F_s$ as well. 
As discussed at the end of Section 5, System $F_s$ can also be used to look for a 
subsystem of System F allowing for compositional type inference. 

Mixing $\forall$-quantifiers and intersection types. A long-term goal is combining 
System E and System F into one system (called System EF), with both $\forall$-quantifiers 
and intersection types. With such a system, one could type a term with only 
intersection types, only System F types, or any combination of the two constructs, 
depending on the user's needs. Previous systems featuring both constructs (e.g. 
[14,20]) do not use expansion variables; the main difficulty in mixing System E 
and System $F_s$ is to make precise the interactions between the symmetric and 
asymmetric expansions. Maybe it is possible to define a more general expansion 
mechanism which supersedes the existing ones, and combine the two kinds of 
expansion variables into a single construct. A goal would be for System EF to 
have principal typings. 

Because System E types all strongly normalizing terms, $\forall$-quantified types 
would only be used when required by the user when performing type inference 
in System EF. To this end, we could imagine various kinds of type annotations 
to mark positions within terms where System F types are required. These anno- 
tations could be complete types, such as Ax Va ( a ^ a '.M, or just type templates, 
such as Ax ( - Va '*- ) ~ 5 '* .M , meaning that the inferred type for x should be an ar- 
row type, and the type of the argument should be a System F type. One could 
imagine different kinds of annotations at various positions in the term; we would 
like to see under which conditions (on both the annotations language and the 
positions in the term) the inference for such a system becomes decidable. The 
inference algorithm would then use intersection types by default, except for the 
marked positions where $\forall$-quantified types are requested. 
A Soundness of substitutions 



Lemma A.l. If Q > M : (A h T)/A and ftv(A) C B then we have {L\ B Q > 
M : (A h [LJ B T)/[L] B A □ 

Proof. By induction on L. 

If L = <J>, then the result is easy. 

If L = L hT \ then by induction we have [Z/] B Q > M : (A h [L'] B T)/[L'] B A 
By rule (<), we have ([L'] B Q) :T2 >M:(4h T 2 )/([L'] B zl A (([L'] B T) < T 2 )), 
i.e., p,] B Q > M : (A h {L\ B T) /{L\ B A, as required. 

If L = s B ' L', then [L'] B Q > M : (A h p7] B T)/pyj B Z\ holds by induction. 
Because ftv(A) C £>, we have ftv(A) CBU £?', so by rule (s-l), we obtain 

S BuB ' {\L'l B Q) > M : (A\- S BuB ' ([L'] S T))/ S f^f B ' T ([L'] B A), 

i.e., \L\ B Q >M:(Ah \L\ B T) /\L\ B A, as required. 

If L = Ma.L' , then by induction [i'] B Q >M:(4h {L'\ B T) /{L'^A holds. 
If a G B, then we have the required result. If a ^ B, then because ftv(A) C B, we 
have a g ftv(A). Hence, we have Va.[L'] B Q > M : (A h Va.[L'] B T)/3a.[L']] B A 
by rule (V-l), i.e., [L] B Q >M:(ih [L] B T)/[L] B A as required. 

□ 

Theorem A.2. If $Q \triangleright M : \langle A \vdash T\rangle/\Delta$ then $[S]Q \triangleright M : \langle [S]A \vdash [S]T\rangle/[S]\Delta$. 

□ 

Proof. We proceed by induction on Q. 

Suppose Q = x A ; we have x^ A > x : ([5] A h ([S]A)(a;))/T by rule (var), and 
([S]A)(x) = [S](A(x))hence the result holds. 

If Q = Ax.Q', then we have Xx.Q' > Xx.M : (A h 7\ -> T 2 )//i with Q' > 
M : (A,jc : Ti h T 2 )/A We have [S]Q' > M : ([S]A,x : [5]Ti h [S]T 2 )/[S]Z\ by 
induction, consequently we have \x.[S]Q' > Ax.M : ([S]A h [5]Ti -> [5]T 2 )/[5]/i 
by rule (abs), i.e. [S*]Ax.Q' > Ax.M : ([S]A h [5](Ti T 2 ))/[S]A as required. 

If Q = Qi @g 2 , then we have Q 1 @Q 2 t> M 1 @M 2 : (AY- T 2 )/(A 1 A A) 
with Qi > Mi : (AhTi T 2 )/A and Q 2 > M 2 : (AhTi)/A- By induc- 
tion, we have [5]Qi > Mi : ([5]A h [S](Ti -> T 2 ))/[S]A 1 and [5]Q 2 > M 2 : 
([5]Ah [S , ]Ti)/[S']zi 2 . Since we have [S](Ti -> T 2 ) = [5]Ti -> [S*]T 2 , we have 
[5]Qi@[5]Q 2 > Mi@M 2 : ([5]ih [S]T 2 )/[5]4 A [S]A 2 by rule (app), i.e. 
[S}(Qi @Q 2 ) >M 1 @M 2 : ([S}A h [S]T 2 )/[S](A A A), as required. 

If Q = Va.Q', then we have Va.Q' > M : (A h \/a.T)/A with Q' > M : 
(A h T)//i and a ^ ftv(A). By a-conversion, we can assume that a £ ftv(S). By 
induction, we have [S]Q' > M : ([5] A h [S]T)/[S] A Since we have a ^ ftv(A) 
and a £ ftv(S), we have a ^ ftv([5]A). By rule (V-l), we have Vo.[S]<3' > M : 
([S]AI-Va.[S]T)/[S]A i.e. [S]Va.Q' > M : ([S]Ah [5]Vo.T)/[5]A, hence the 
result holds. 

If Q = Q rT \ then we have Q' > M : (A h Ti)/A with Zi = A A 7\ < T 2 . 
By induction, we have [S]Q' > M : ([S*]A h [5]Ti)/[5]A. Applying rule (<), we 
obtain [S]Q' :ls]T2 > M : ([S]A h [S , ]T 2 )/([5]Z\' A [S]Xi < [S]T 2 ), i.e. [S*]Q ,:T2 > 
M : ([S]A h [S]r 2 )/[S](^' A Ti < T 2 ), as required. 

If Q = s B Q', then we have s B Q' > M : (A\- s B T)/s B A' with Q' > 
M : (A h T)/Z\' and ftv(A) C S. By induction, the judgement [5]Q' > M : 
([S]A h [S]T)/[S]^' holds. Because ftv(A) C B, we have ftv([S]A) C ftv([S']B), 
therefore by Lemma A.l we have 

|[^ s jftv([S]B)^Q, > M . {[S]A h J[ 5 ] s ]ftv([S]B) [5]r)/ |^ ]s jfM[S]B) [5]zi; 

hence we have [S](s B Q') > M : h [5](s B T))/[S]A as required. 

□ 



B Subject reduction 

We prove subject reduction for the System F subtyping. We define an equivalent 
type system where we turn equalities on types into explicit subtyping rules; we 
then prove subject reduction in the equivalent type system. 

B.1 An equivalent type system 

Typing judgements of system Ff, written Q >^ M : (A T), are derived ac- 
cording to rules given in Figure 6. The typing rules are the same as in the original 
type system, except that we add an environment subtyping rule (restricted to 
equality subtyping), and we do not mention constraints anymore: in subtyping 
rules, we consider only solved constraints, and the subtyping proofs are specified 
by subtyping skeletons K. Subtyping skeletons are mentioned in the skeletons 
Q K and Qy R . 

The subtyping rules and the corresponding subtyping skeletons are given 
in Fig. 7; we define two subtyping judgements K > T\ < T 2 (for the regular 
subtyping relation, from the original type system) and K > Ti -< T 2 (which deals 
with equalities on types). We let < range over the two subtyping relations. 

Lemma B.l. IfK>T 1 ^T 2 then K'\>T 2 <T 1 . □ 

Proof. By induction on the derivation of K > Ti -< T 2 

□ 

Lemma B.2. We have Ti < T 2 in System F s iff there exists K such that K > 
Ti < T 2 in system Ff . □ 

Proof. By induction on the derivation of Ti < T 2 and by induction on the 
derivation of K > Ti < T 2 

□ 

Lemma B.3. We have Q>±M : (A A # T) iff Q' > M : (A h T)/A where A is 
solved. □ 
x A 



>^x: (A A(x)) (var) — - — ■ - - - - - (abs) 

Qi >^ Mi : (A Ti -> T 2 ) Q 2 M 2 : {A Ti) 

(app) 

Qi@Q 2 Mi@M 2 : (4h # T 2 > 11 HH; 

g iy M : (A T) q g ftv(A) 

Va.Q >^ M : {A Vo.T) 1 " J 

Q>/ M : (Ah^Ti) K>T 1 <T 2 

Q K >^M: (A T 2 ) ( " ) 

Q >^ M : (A, y : Ti T) K > T 2 -< Ti , 
e; (X-env) 

Q 1 ' >^ M : (A,y : T 2 T) 

Q >^ M : (A T) ftv(A)CB 

5 r \ s ->) 

s B Q>^ M :{A s B T) 



Fig. 6: Typing rules of system Yf 



Proof. By induction on the derivation of Q >^ M : (A T), and by induction 
on the derivation of Q' > M : (A h T)/A. 

□ 

We now prove subject reduction for system Fjf . 
B.2 Skeleton transformation 

In Figure 8, we define a transformation T on skeletons which preserves typings 
while removing the unnecessary uses of the result subtyping rule (<). We write 
A\ -< A 2 iff for all x, we have A\(x) -< + A 2 (x). For all Q, A\, A 2 such that A 2 = 
tenv(Q) and A\ ~< A 2 , there exists a skeleton, written Q Al ^ A2 , obtained from Q 
by repeated use of the environment subtyping rule and such that tenv(Q Al <A ^ ) = 
A\. We informally use this notation in proof when it is more convenient than 
the original one. 

B.3 Induction principle on skeletons 

Proofs on skeletons are by induction on the size sz(<5), defined in Figure 9. 
We prove that transformation T makes the size decrease. We need first some 
preliminary results. 

Lemma B.4. 

- We have sz(Q) > 1. 
Regular subtyping 

inst(Vo.Ti, T 2 ) > Vo.Ti < [a := T 2 , H]Ti 

Equality subtyping 

a £ ftv(T) 



V - comm(T) > V01.V02.T -< Vo 2 .Vai.T 



dummy - l(T) > T X Va.T 
a £ ftv(T) K±>T 2 -< Ti K 2 > T s -< T 4 



dummy - E(T) > Va.T -<T Ki -> #2 > Ti -> T 3 -< T 2 ->• T 4 

K>Ti -<T 2 K\>T 1 <T 2 
s B K>s B T x < s B T 2 Va.K t> Va.Ti -< Va.T 2 



Fig. 7: Subtyping rules of system Fjf 



- sz(Q) = l iffQ = \x.Q'. 

— For all Q, we have sz([a := T, = sz(Q). 

— For a/Z if, we /icwe sz(Q K ) > sz(Q). 

- For all K, if sz{Q 1 ) < sz(Q 2 ) then sz(Qf ) < sz(Qf ) □ 

Proof. The first three items are easy. The fourth item is by induction on K. 

Suppose K = Ma.K' . By induction we have sz(Q K ) > sz(Q), consequently 
we have sz{Q K ) > sz(Q) + f > sz{Q). The remaining cases are easy. 

The last item is by induction on K . 

Suppose K = Va.K' . Let Q\, Q2 such that sz(Qi) < sz(Q2)- By induction we 
have sz(Qf- ) < sz(Qf- ). Consequently we have sz(Qf- ) + 1 < sz{Q 2 ) + 1, i.e. 
sz(Qf ) < sz(Qf ), as wished. In the remaining cases, the size of sz(Q^) differs 
from sz(Qi) by a positive integer C(K), i.e. we have sz(Qf-) = sz(Qi) + C(K) < 
sz(Q 2 ) + C{K) = sz(Qf ), hence the result holds. 

□ 



Lemma B. 5. We have sz(T(Q)) < sz(Q). □ 

Proof. We proceed by induction on sz(Q). If sz(Q) = 1, then Q — Xx.Q, so 
T{Q) = Q, hence the result holds. Suppose that the result holds for sz(Q) < n; 
we prove it for sz(Q) = n + 1 by case analysis on Q. 



If Q = Vo.Q', then T(Q) = Va.T(Q')- We have sz (<2') < sz (<2) ; so b y Educ- 
tion we have sz(T(Q')) ^ sz(Q'). Consequently we have sz(T(Q)) = sz(T(Q')) + 
1 < sz(Q') + 1 = sz(Q), hence the result holds. 

If Q = s s Q', then T(Q) = Q 1 hence the result holds. 
Constructor rules 

T(Q) = Xx.Q' 

T(Xx.Q) = Xx.Q T(Va.Q) = Va.T(Q) ^— lr 

T{Q) = s B Q' T(Q) = Va.Q' 



T(Q y:K ) = s B (Q ,y:K ) T(Q y:K ) = \fa.(Q' y:K ) 

Original subtyping rules 

T(Q) = Va.Q' 



T(s s Q) = s B Q 



r(Q inst(Va.T 1 ,T 2)) = r ( [fl . = ^jq,) 

Equality subtyping rules 

T(Q) = s B Q' T{Q)=Vai.Qi T(Qi)=Va 2 .Q2 

T{Q sBk ) = s b ((Q'f) T(Q v - comm(T) )=Va 2 .Voi.Q 2 

T(Q) = Ax.Q T(Q) = Vo.Qi T(Qf ) = Q'i 



T(Q Kl ^ K2 ) = A : r.((0 if2 ) 3;:ifl ) T(Q VaK ) = Va.Q; 

a £ ftv(T) T(Q) = Va.Q' 



7-(Qdummy-l(K)^ = y a g r(Q du mm y-E(T) j = j ^ 



Fig. 8: Definition of T 



If Q = Q' V ' K , then we distinguish several cases. If T(Q') = Xx.Q" for some 
Q", then we have T(Q) = *x.(Q" y:K ); we have sz(T(Q)) = 1 < sz(Q) as re- 
quired. If T(Q') = s B Q", then T(Q) = s B {Q" y ' K ). By induction we have 
sz(T(Q')) < sz(Q'), Le - SZ (Q") + 1 < sz(Q'). Therefore we have sz(T(Q)) = 
2 + sz(Q") < sz(Q') + 1 < sz(Q), as required. If T(Q') = Va.Q", then the proof 
is similar to the previous case. 

If Q = Q'i"st(Va.T 1 ,T 2 ) ; thcn t( q) = r([fl . = T2 ]q«) with r( Q,) = Va.Q". 
We have sz(Q') < sz(Q), so by induction we have sz(T(Q')) < sz(Q'), i.e. 
sz(Q") + 1 < sz(Q'). By Lemma B.4, we have sz([a := T 2 ]Q") = sz(Q"), there- 
fore we have sz([a := T 2 ]Q") = sz(Q") < sz(Q') < sz(Q), so by induction we 
have sz(T([a := T 2 ]Q")) < sz([a := T 2 ]Q") < sz(Q), i.e. sz(T(Q)) < sz(Q), as 
required. 

If Q = Q' ya K , then T(Q) = Va.Q; with T(Q') - Va.Qi, and T(Qf ) = Q[. 
We have sz(Q') < sz(Q), so by induction, we have sz(T(Q')) < sz (Q')i i- e - 
sz(Qi) + l < sz(Q'). Consequently we have sz(Qi) < sz(Q'), so by Lemma B.4 we 
have sz(Qf r ) < sz(Q' K ). By the definition of sz(), we have then sz(Q 1 ^ 1 ) < sz(Q), 
so by induction we have sz(T(Qf )) < sz(Qf-). Finally we have sz(T(Q)) = 
sz(Q' 1 ) + 1 = sz(T(Qf )) + 1 < sz(Qf ) + 1 < sz{Q' K ) + 1 < sz(Q), hence the 
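$$
\begin{array}{lll}
\mathrm{sz}(\lambda x.Q) = 1 & \mathrm{sz}(\forall a.Q) = 1 + \mathrm{sz}(Q) & \mathrm{sz}(Q^{y:K}) = 1 + \mathrm{sz}(Q) \\
\mathrm{sz}(s^B Q) = 1 + \mathrm{sz}(Q) & \mathrm{sz}(Q^{\mathrm{inst}(\forall a.T_1, T_2)}) = 1 + \mathrm{sz}(Q) & \mathrm{sz}(Q^{\forall a.K}) = 1 + \mathrm{sz}(Q^K) \\
\mathrm{sz}(Q^{\forall\text{-comm}(T)}) = 1 + \mathrm{sz}(Q) & \mathrm{sz}(Q^{\text{dummy-I}(T)}) = 2 + \mathrm{sz}(Q) & \\
\mathrm{sz}(Q^{\text{dummy-E}(T)}) = 1 + \mathrm{sz}(Q) & \mathrm{sz}(Q^{s^B K}) = 2 + \mathrm{sz}(Q^K) & \mathrm{sz}(Q^{K_1 \to K_2}) = 1 + \mathrm{sz}(Q)
\end{array}
$$

Fig. 9: Definition of sz 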



result holds. 

If Q = Q' sB K , then T(Q) = s s (Q' K ). We have sz(T(Q)) - sz(Q' K ) + 1 < 
sz(Q), hence the result holds. 

If Q = Q'V-comm^ thcn T (q} = Vo 2 .Voi.Q 2 with T(Q') = Voi.Qi and 
T(Qi) = Va 2 .Q 2 . By induction we have sz(T(<3')) < sz (<3'), i-e- sz(Qi) + 1 < 
sz(Q'). Applying the induction hypothesis on Qi, we have sz(T(Qi)) < sz(Qi), 
i.e. sz(Q 2 ) + 1 < sz(Qi). Consequently we have sz(T(Q)) = sz(Q 2 ) + 2 < 
sz(Qi) + 1 < sz(Q') < sz(Q), hence the result holds. 

If Q = Q'dummy-I(T) ; thcn j-(Qj = y a Q'^ where a g ftv(Q'). We have 

sz(T(<9)) = sz(Q') + 1 < sz(Q') + 2 = sz(Q), hence the result holds. 

If Q = Q'dummy-EtT)^ then T (q) = y-^g/zj ^q/j = Va .Q« g y in _ 

duction we have sz(T(Q')) < sz(<9')> Le - sz(Q") + 1 < sz(Q')- Therefore we 
have sz(Q") < sz(Q), so by induction we get sz(T(Q")) < sz(Q"). We have 
sz(T(Q)) = sz(T(Q")) < sz(Q") < sz(Q') < sz(Q), hence the result holds. 

If Q = Q' Kl ^ K2 , then there exists Q" such that T{Q) = Xx.Q". We have 
sz(T(Q)) = 1 < sz(Q) as required. 

□ 

Lemma B.6. For all Q, 

- IfQ>jt Ax.M : {A Ti ->■ T 2 ) tten t/iere exisfo Q' sucft thatT(Q) = Ax.Q' 
and T(Q) >^ Ax.M : (A h # T a -> T 2 ). 

- IfQ>^ Ax.M : (A h # Va.T) tften tftere exists Q' such that T(Q) = Va.Q' 
and T(Q) >^ Ax.M : (A h # Va.T). 

- IfQ>± Ax.M : (A s B T) then there exists Q' such that T(Q) = s B Q' 
and T(Q) >^ Xx.M : (A s B T) . □ 

Proof. We proceed by induction on sz(Q). If sz(Q) = 1, then Q — Xx.Q, so 
T{Q) = Q, and the first item of the lemma hold. Suppose that the result holds 
for sz(Q) < n; we prove it for sz(Q) = n + 1 by case analysis on Q. 

If Q = Va.Q', then by the type system we have Q >^ Ax.M : (A Va.T'} 
with Q' >^a Ax.M : (A T'). We have sz(Q') < sz(Q), so by induction we have 
T(Q') t> # Ax.M : (A h # T'). By rule (V-l) we have Va.T(Q') Ax.M : (A h # 
Va.T'), i.e. T(Q) Ax.M : (A h # Va.T'}, as required. 

If Q = Q lA<A \ then we distinguish several cases. If Q >jt Ax.M : (A 
Ti ->■ T 2 ), then by the type system we have Q' > # Ax.M : (A' h # Ti -> T 2 ). We 
have sz(Q') < sz(Q), so by induction there exists Q" such that T(Q') = "Kx.Q" 
and Ax.Q" > # Ax.M : (A' Ti -> T 2 ). By rule (abs), we have Q" >^ M : 
(A',x : Ti T 2 ), so we have Q A ^ A ' >^ M : (A,x : T x h # T 2 ) by environment 
subtyping, hence we have Ax.Q' A ~ <A >jt Ax.M : (A Ti — > T 2 ). By definition 
of T, we have T(Q) = Ax.Q' 4 ^' 4 , hence the result holds. 

If Q >=£ Ax.M : (A s B T'), then by environment subtyping we have 
Q' Ax.M : (A' h # s B T'). By induction we have T(Q') = s B Q" and T(Q') > # 
Ax.M : (A' s B T'). By rule (s-l), we have Q" > # Ax.M : (A' h # T'>; therefore 
wehaves B (Q' M ^ A ') >± Ax.M : (A h # s B T') 1 i.e. T(Q) t> # Ax.M : (A h # s B T'), 
as required. The proof is similar in the case T = Va.T'. 

HQ = s B Q', then we have Q >^ Ax.M : (A h # s B T'), and since T(Q) = Q, 
the result holds. 

If Q = Qrtnst(Vo.ri,3b) } then by mlc (<) we have q ^ Xx.M : (A h # [a := 
T 2 ]Ti) and Q' > # Ax.M : (A Vo.Ti). We have sz(Q') < sz(Q), so by induction 
there exists Q" such that T(Q') = Va.Q" and T(Q') Ax.M : (A h # Vo.Ti). 
By rule (V-l), we have Q" >^ Ax.M : {A Ti) and a f ftv(A), so by 
Lemma A. 2, we have [a := T 2 ]Q" >^ Ax.M : (A h # [a := T 2 ]7i). By Lemma 
B.4, we have sz([o := T 2 ]Q") = sz(Q") < sz(Q') < sz(Q), so by induction 
we have T([a := T 2 ]Q") Ax.M : (A h # [a := T 2 ]T 1 ), and the shape of 
T([a := T 2 ]Q") follows the shape of [a := T 2 \T\. By definition of T, we have 
T(Q) = T([a := T 2 ]Q"), hence the result holds. 

If Q = Q' ya K , then there exists T and T such that K > V <T, Q > # 
Ax.M : (A h # Va.T), and Q' > # Ax.M : (A h # Va.T'). We have sz(Q') < sz(Q), 
so by induction there exists Q" such that T{Q') — Va.Q" and T(Q') >^ Ax.M : 
(A h # Va.T'}. By rule (V-l), we have Q" t>^ Ax.M : {A h # T'}. Therefore we 
have Q" K >^ Ax.M : (A h # T). 

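By Lemma B.5, we have $\mathrm{sz}(T(Q')) < \mathrm{sz}(Q')$, i.e.
$\mathrm{sz}(Q'') + 1 < \mathrm{sz}(Q')$. By Lemma B.4, we have
$\mathrm{sz}({Q''}^{K}) < \mathrm{sz}({Q'}^{K})$, hence we have
$\mathrm{sz}({Q''}^{K}) < \mathrm{sz}({Q'}^{K}) < \mathrm{sz}(Q)$. Consequently, by applying
the induction hypothesis to ${Q''}^{K}$, we have
$T({Q''}^{K}) \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} T \rangle$. By rule
$(\forall\text{-I})$ we have
$\forall a.T({Q''}^{K}) \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} \forall a.T \rangle$. By
definition of $T$ we have $T(Q) = \forall a.T({Q''}^{K})$, hence the result holds.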
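
If $Q = {Q'}^{\forall\text{-comm}(T)}$, then we have
$Q \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} \forall a_2.\forall a_1.T \rangle$ and
$Q' \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} \forall a_1.\forall a_2.T \rangle$. By
induction we have $T(Q') = \forall a_1.Q_1$ with
$T(Q') \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} \forall a_1.\forall a_2.T \rangle$.
Therefore we have $Q_1 \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} \forall a_2.T \rangle$, so
by induction we have $T(Q_1) = \forall a_2.Q_2$ with
$T(Q_1) \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} \forall a_2.T \rangle$. Consequently we
have $Q_2 \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} T \rangle$, so by rule
$(\forall\text{-I})$, we have
$\forall a_2.\forall a_1.Q_2 \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} \forall a_2.\forall a_1.T \rangle$,
and we have $T(Q) = \forall a_2.\forall a_1.Q_2$, as required.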

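If Q = Q'dummy-ICZ^, then we have
$Q \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} \forall a.T \rangle$ with
$Q' \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} T \rangle$ and $a \notin \mathrm{ftv}(Q')$.
Using rule $(\forall\text{-I})$, we obtain
$\forall a.Q' \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} \forall a.T \rangle$, i.e.,
$T(Q) \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} \forall a.T \rangle$, as required.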

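If Q = Q'dummy-EfT^, then we have
$Q \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} T \rangle$ with
$Q' \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} \forall a.T \rangle$ and
$a \notin \mathrm{ftv}(A)$. By induction, there exists $Q_1$ such that
$T(Q') = \forall a.Q_1$ and
$\forall a.Q_1 \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} \forall a.T \rangle$. Consequently
we have $Q_1 \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} T \rangle$, and because
$\mathrm{sz}(Q_1) < \mathrm{sz}(Q)$, we obtain
$T(Q_1) \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} T \rangle$ by induction (and the shape of
$T(Q_1)$ matches the one of $T$). Because $T(Q) = T(Q_1)$, we have the required result.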

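If $Q = {Q'}^{K_1 \to K_2}$, then there exist $T_1'$, $T_2'$, $T_1$, and $T_2$ such that
$K_1 \rhd T_1 \prec T_1'$, $K_2 \rhd T_2' \prec T_2$, and
$Q \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} T_1 \to T_2 \rangle$. By the type system, we
have $Q' \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} T_1' \to T_2' \rangle$. We have
$\mathrm{sz}(Q') < \mathrm{sz}(Q)$, so by induction there exists $Q''$ such that
$T(Q') = \lambda x.Q''$ and
$\lambda x.Q'' \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} T_1' \to T_2' \rangle$. By the type
system we have $Q'' \rhd_{\#} M : \langle A, x : T_1' \vdash_{\#} T_2' \rangle$, so by rules
$(\prec)$ and $(\prec\text{-env})$ we have
$({Q''}^{K_2})^{x:K_1} \rhd_{\#} M : \langle A, x : T_1 \vdash_{\#} T_2 \rangle$. Consequently
we have
$\lambda x.(({Q''}^{K_2})^{x:K_1}) \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} T_1 \to T_2 \rangle$,
and $T(Q) = \lambda x.({Q''}^{K_2})^{x:K_1}$, hence the result holds.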

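If $Q = {Q'}^{s^B K}$, then we have
$Q \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} s^B T_2 \rangle$ and
$Q' \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} s^B T_1 \rangle$ with
$K \rhd T_1 \prec T_2$. By induction we have $T(Q') = s^B Q''$ and
$T(Q') \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} s^B T_1 \rangle$. Therefore we have
$Q'' \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} T_1 \rangle$, so by rule $(\prec)$ we have
${Q''}^{K} \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} T_2 \rangle$, and by rule
$(s\text{-I})$,
$s^B((Q'')^{K}) \rhd_{\#} \lambda x.M : \langle A \vdash_{\#} s^B T_2 \rangle$. Since we have
$T(Q) = s^B((Q'')^{K})$, the result holds.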

□ 



B.4 Subject reduction 

Lemma B.7. If $Q_1 \rhd_{\#} M : \langle A, x : T_1 \vdash_{\#} T_2 \rangle$ and
$Q_2 \rhd_{\#} V : \langle A \vdash_{\#} T_1 \rangle$, then there exists $Q'$ such that
$Q' \rhd_{\#} [x := V]M : \langle A \vdash_{\#} T_2 \rangle$. □

Proof. We proceed by induction on $Q_1$.

Suppose $Q_1 = x^{A, x:T_1}$; we have
$Q_1 \rhd_{\#} x : \langle A, x : T_1 \vdash_{\#} A(x) \rangle$ with $T_1 = T_2 = A(x)$. We
have $Q_2 \rhd_{\#} [x := V]x : \langle A \vdash_{\#} T_1 \rangle$, hence the result holds.

Suppose $Q_1 = y^{A, x:T_1}$ with $y \neq x$; we have
$Q_1 \rhd_{\#} y : \langle A, x : T_1 \vdash_{\#} A(y) \rangle$. We have $[x := V]y = y$ and
$y^{A} \rhd_{\#} y : \langle A \vdash_{\#} A(y) \rangle$, therefore we have the required
result.

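Suppose $Q_1 = \lambda y.Q_1'$; we have
$Q_1' \rhd_{\#} M' : \langle A, x : T_1, y : T_2^1 \vdash_{\#} T_2^2 \rangle$ with
$M = \lambda y.M'$ and $T_2 = T_2^1 \to T_2^2$. By induction, we have
$Q'' \rhd_{\#} [x := V]M' : \langle A, y : T_2^1 \vdash_{\#} T_2^2 \rangle$. By rule (abs), we
have
$\lambda y.Q'' \rhd_{\#} \lambda y.([x := V]M') : \langle A \vdash_{\#} T_2^1 \to T_2^2 \rangle$,
as required.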

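Suppose $Q_1 = Q_1^1 \,@\, Q_1^2$; we have $M = M_1 \,@\, M_2$ with
$Q_1^1 \rhd_{\#} M_1 : \langle A, x : T_1 \vdash_{\#} T_3 \to T_2 \rangle$, and
$Q_1^2 \rhd_{\#} M_2 : \langle A, x : T_1 \vdash_{\#} T_3 \rangle$. By induction we have
$Q_1' \rhd_{\#} [x := V]M_1 : \langle A \vdash_{\#} T_3 \to T_2 \rangle$ and
$Q_2' \rhd_{\#} [x := V]M_2 : \langle A \vdash_{\#} T_3 \rangle$, so by rule (app) we have
$Q_1' \,@\, Q_2' \rhd_{\#} [x := V]M_1 \,@\, [x := V]M_2 : \langle A \vdash_{\#} T_2 \rangle$,
i.e. $Q_1' \,@\, Q_2' \rhd_{\#} [x := V](M_1 \,@\, M_2) : \langle A \vdash_{\#} T_2 \rangle$, as
required.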

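Suppose $Q_1 = \forall a.Q_1'$; we have
$Q_1' \rhd_{\#} M : \langle A, x : T_1 \vdash_{\#} T_2' \rangle$ with $T_2 = \forall a.T_2'$.
By induction we have $Q_1'' \rhd_{\#} [x := V]M : \langle A \vdash_{\#} T_2' \rangle$, so by
rule $(\forall\text{-I})$ we have
$\forall a.Q_1'' \rhd_{\#} [x := V]M : \langle A \vdash_{\#} \forall a.T_2' \rangle$.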

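Suppose $Q_1 = {Q_1'}^{K}$; we have
$Q_1' \rhd_{\#} M : \langle A, x : T_1 \vdash_{\#} T_2' \rangle$ with $K \rhd T_2' \prec T_2$.
By induction there exists $Q'$ such that
$Q' \rhd_{\#} [x := V]M : \langle A \vdash_{\#} T_2' \rangle$, so by rule $(\prec)$ we have
${Q'}^{K} \rhd_{\#} [x := V]M : \langle A \vdash_{\#} T_2 \rangle$.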

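Suppose $Q_1 = {Q_1'}^{y:K}$ with $y \neq x$; we have
$Q_1' \rhd_{\#} M : \langle A', x : T_1, y : T_3' \vdash_{\#} T_2 \rangle$ with
$A = A', y : T_3$ and $K \rhd T_3 \prec T_3'$. By induction there exists $Q'$ such that
$Q' \rhd_{\#} [x := V]M : \langle A', y : T_3' \vdash_{\#} T_2 \rangle$. By rule
$(\prec\text{-env})$, we have
${Q'}^{y:K} \rhd_{\#} [x := V]M : \langle A', y : T_3 \vdash_{\#} T_2 \rangle$, i.e.
${Q'}^{y:K} \rhd_{\#} [x := V]M : \langle A \vdash_{\#} T_2 \rangle$, as required.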

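Suppose $Q_1 = {Q_1'}^{x:K}$; we have
$Q_1' \rhd_{\#} M : \langle A, x : T_1' \vdash_{\#} T_2 \rangle$ with $K \rhd T_1 \prec T_1'$.
By rule $(\prec)$, we have $Q_2^{K} \rhd_{\#} V : \langle A \vdash_{\#} T_1' \rangle$, so by
induction there exists $Q'$ such that
$Q' \rhd_{\#} [x := V]M : \langle A \vdash_{\#} T_2 \rangle$, hence the result holds.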

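Suppose $Q_1 = s^B Q_1'$; we have
$Q_1' \rhd_{\#} M : \langle A, x : T_1 \vdash_{\#} T_2' \rangle$ with $T_2 = s^B T_2'$ and
$\mathrm{ftv}(A) \cup \mathrm{ftv}(T_1) \subseteq B$. By induction there exists $Q'$ such that
$Q' \rhd_{\#} [x := V]M : \langle A \vdash_{\#} T_2' \rangle$. We have
$\mathrm{ftv}(A) \subseteq (\mathrm{ftv}(A) \cup \mathrm{ftv}(T_1)) \subseteq B$, so by rule
$(s\text{-I})$, we have $s^B Q' \rhd_{\#} [x := V]M : \langle A \vdash_{\#} T_2 \rangle$, as
required.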

□ 

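Lemma B.8. If $Q \rhd_{\#} M : \langle A \vdash_{\#} T \rangle$ and $M \to M'$ then there
exists $Q'$ such that $Q' \rhd_{\#} M' : \langle A \vdash_{\#} T \rangle$. □

Proof. The proof is by induction on $Q$. In the application case, we have
$M = M_1 \,@\, M_2$, $Q = Q_1 \,@\, Q_2$,
$Q_1 \rhd_{\#} M_1 : \langle A \vdash_{\#} T' \to T \rangle$ and
$Q_2 \rhd_{\#} M_2 : \langle A \vdash_{\#} T' \rangle$.

We proceed by induction on $M \to M'$.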

If the $\beta$-rule is applied, then $M_1 = \lambda x.M_3$, $M_2$ is a value $V$, and
$M' = [x := V]M_3$. By Lemma B.6, there exists $Q_1'$ such that
$\lambda x.Q_1' \rhd_{\#} \lambda x.M_3 : \langle A \vdash_{\#} T' \to T \rangle$. By rule
(abs), we have $Q_1' \rhd_{\#} M_3 : \langle A, x : T' \vdash_{\#} T \rangle$. We have then the
required result by Lemma B.7.

If the first congruence rule is applied, we have $M_1 \to M_1'$ and
$M' = M_1' \,@\, M_2$. By the induction hypothesis on the reduction, there exists $Q_1'$ such
that $Q_1' \rhd_{\#} M_1' : \langle A \vdash_{\#} T' \to T \rangle$. By rule (app) we have
$Q_1' \,@\, Q_2 \rhd_{\#} M' : \langle A \vdash_{\#} T \rangle$, hence the result holds.

If the second congruence rule is applied, we have $M_2 \to M_2'$, $M_1$ is a value $V$
and $M' = V \,@\, M_2'$. By the induction hypothesis on the reduction, there exists $Q_2'$
such that $Q_2' \rhd_{\#} M_2' : \langle A \vdash_{\#} T' \rangle$. By rule (app) we have
$Q_1 \,@\, Q_2' \rhd_{\#} M' : \langle A \vdash_{\#} T \rangle$, hence the result holds.

The other cases (type constructor introductions, subtypings) are straightfor- 
ward by induction. 

□ 

Theorem B.9. If $Q \rhd M : \langle A \vdash T \rangle / \Delta$ where $\Delta$ is solved, and
$M \to M'$, then there exist $Q'$ and a solved $\Delta'$ such that
$Q' \rhd M' : \langle A \vdash T \rangle / \Delta'$.

□ 

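Proof. By Lemma B.3 we have $Q' \rhd_{\#} M : \langle A \vdash_{\#} T \rangle$. By Lemma B.8,
we have $Q' \rhd_{\#} M' : \langle A \vdash_{\#} T \rangle$, so by Lemma B.3, we have
$Q'' \rhd M' : \langle A \vdash T \rangle / \Delta'$, hence the result holds.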

□ 

C Initial skeletons 

We now prove that we can generate System F s skeletons from an initial skeleton. 

Lemma C.l. Let Q such that C h M > Q, and let Q 1 such that Q 1 > M : 
(Ah T)/A and support(A) = support(C). There exists S such that support(S') = 
allvar(Q) and [S]Q > M : (A h T)/(A A A') where A' is reflexive. 

□ 

Proof. By induction on Q 1 . 

If Q 1 = x A , then we have x A > x : (A h A(x)) /T and Q = x a for some s 
and a. Let S be the substitution which substitutes A(x{) for C(xj) for all i, and 
such that [S]s — <J>. We have [S]Q = x A , hence the result holds. 

If Q 1 = Ax.Q 1 ', then we have Ax.Q 1 ' > Xx.M : (A h T\ -*T 2 )/A with 
Q 1 ' > M : (A3;:TihT 2 )/A We also have Q = s ftv(tenv(*x.Q')) Ax q' with 
C, x : a h M > Q' and s £ allvar(Q'). By induction there exists S such that 
[S]Q' > M : (A,x : Ti h T 2 )/(Z\ A Z\') with Z\' reflexive. Let S*' = (5, s := <■>, □ ). 
We have [S']Q' > M : (A,x : Ti h T 2 )/(Z\ A z4'), so by rule (abs), we have 
Ax.[S"]Q' > M : (A h Ti -> T 2 )/(Z\ A /Y). We have [S']Q = Ax.[S"]Q', hence the 
result holds. 

If Q 1 = Q 1 1 @Q 2 2 , then we have Q 1 1 @Q 1 2 > M 1 @M 2 : (A h T 2 ) / A with 
Q\ > Mi : (A h Ti -> T 2 )/Z\i and Q 1 2 > M 2 : (A h Ti)/Z\ 2 . We also have 

g = s ftv(tenv(Q')) Q/ with Q/ = g:rtype(Q 2 )^a @ g^ g i .^.^ skdeton for M± Rnd 

Q 2 initial skeleton for M 2 . By induction there exists Si, S 2 such that [Si](Qi > 
Mi : {A h Ti -> T 2 )/(Z\i A Zi'i) and [S 2 ]g 2 > M 2 : (A h Ti)/(Z\ 2 A ZV 2 ) with 
Zi'i, A' 2 reflexive. Let S = (S 1 ,S 2 ,s := <>,a := T 2 ,H). We have [S]Qi > Mi : 
(A h Ti T 2 )/(Z\iAZ\'i), [S]Q 2 > M 2 : (A h Ti)/(Z\ 2 AZ\ 2 ), and [S](rtype(Qi) -> 
a) = Ti -> T 2 . Consequently we have [^gpl^^)^) @[S}Q 2 > M 1 @M 2 : 
(A h T 2 )/Z\" with Z\" = Z\i A A 2 A Z\'i A A' 2 A (Ti T 2 < 7\ -> T 2 ), and 
[S]Q = [ 5 ]g : i [ s ]( rt yP e ( c ?i)^ a ,"+i) @[S]g 2 , hence the result holds. 

If Q 1 = Va.Q 1 ', then we have Va.Q 1 ' > M : {A h Va.T)/3a.A with Q 1 ' > 
M : (ihT)/4 and a £ ftv(A). We have Q = s B Q' for some s, B, and Q'. 
By induction there exists S such that [S]Q > M : (A \- T) / (A A A') with Z\' 
reflexive. Let L = [S]s. Let S' be the substitution equal to S except on s, where 
[S']s = Va.L. We have [S']Q > M : (A A \fa.T)/(A A 3a.Z\'), hence the result 
holds. 

If Q 1 = {Q 1 ')' T2 , then we have (Q 1 ')^ 2 > M : (A h T 2 )/(Z\ 1 A Ti < T 2 ) with 
Q 1 ' > M : (A h Ti)/^ 1 . We have Q = s B Q' for some s, B, and Q'. By induction 
there exists S such that [S]Q >M:(ih Tl}/^ 1 A Zi' 1 ) with A' 1 reflexive. Let 
L = [S]s. Let S' be the substitution equal to S except on s, where [S']s = L :T2 . 
We have [S']Q > M : (A h T 2 )/(Z\ 1 A (7i < T 2 ) A Zi' 1 ), hence the result holds. 

If Q 1 = s B Q 1 ', then we have s B Q 1 ' > M : (A h s B T)/sf Zi 1 with Q 1 ' > 
M : (A h T)/^ 1 . We have Q = s' B ' Q' for some Q', s', and B'. By induction 
there exists S such that [S]Q >M:(ih Ti)/(Z\ 1 A A' 1 ) with Z\ n reflexive. Let 
L = [S]s'. Let S' be the substitution equal to S except on s', where [S']s' = 
s s\ftv([s]B') L We have [ S /]q > M . ^ h s b T)/(sf Zi 1 A sf Zi' 1 ), hence the 

result holds. 

□ 

Theorem C.2. Let Q such that h M i> Q, and let Q 1 be a relevant skeleton 
such that Q 1 > M : (A h T)/A. There exists S such that and [S]Q > M : 
(A h T)/(Z\ A Z\') with Z\' reflexive. 

□ 

Proof. If h M > Q, then there exists C such that C h M i> Q and support(C) = 
fv(M). The skeleton Q 1 is relevant so we have support(A) = fv(M). Therefore 
we have support(C) = support(A), and we have the required result by Lemma 
C.l. □ 